Define the Direct3DRM GUIDs in d3drm.h.
[wine] / dlls / advapi32 / security.c
1 /*
2  * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3  * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18  *
19  */
20
21 #include <stdarg.h>
22 #include <string.h>
23
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winerror.h"
27 #include "rpcnterr.h"
28 #include "winreg.h"
29 #include "winternl.h"
30 #include "winioctl.h"
31 #include "ntstatus.h"
32 #include "ntsecapi.h"
33 #include "accctrl.h"
34 #include "sddl.h"
35 #include "winsvc.h"
36 #include "aclapi.h"
37
38 #include "wine/debug.h"
39 #include "wine/unicode.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
42
43 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
44 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, 
45     PACL pAcl, LPDWORD cBytes);
46 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
47 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
48 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
49 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
50     LPCWSTR StringSecurityDescriptor,
51     SECURITY_DESCRIPTOR* SecurityDescriptor,
52     LPDWORD cBytes);
53 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
54
55 typedef struct _ACEFLAG
56 {
57    LPCWSTR wstr;
58    DWORD value;
59 } ACEFLAG, *LPACEFLAG;
60
61 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
62
63 /*
64  * ACE access rights
65  */
66 static const WCHAR SDDL_READ_CONTROL[]     = {'R','C',0};
67 static const WCHAR SDDL_WRITE_DAC[]        = {'W','D',0};
68 static const WCHAR SDDL_WRITE_OWNER[]      = {'W','O',0};
69 static const WCHAR SDDL_STANDARD_DELETE[]  = {'S','D',0};
70 static const WCHAR SDDL_GENERIC_ALL[]      = {'G','A',0};
71 static const WCHAR SDDL_GENERIC_READ[]     = {'G','R',0};
72 static const WCHAR SDDL_GENERIC_WRITE[]    = {'G','W',0};
73 static const WCHAR SDDL_GENERIC_EXECUTE[]  = {'G','X',0};
74
75 /*
76  * ACE types
77  */
78 static const WCHAR SDDL_ACCESS_ALLOWED[]        = {'A',0};
79 static const WCHAR SDDL_ACCESS_DENIED[]         = {'D',0};
80 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
81 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[]  = {'O','D',0};
82 static const WCHAR SDDL_AUDIT[]                 = {'A','U',0};
83 static const WCHAR SDDL_ALARM[]                 = {'A','L',0};
84 static const WCHAR SDDL_OBJECT_AUDIT[]          = {'O','U',0};
85 static const WCHAR SDDL_OBJECT_ALARMp[]         = {'O','L',0};
86
87 /*
88  * ACE flags
89  */
90 static const WCHAR SDDL_CONTAINER_INHERIT[]  = {'C','I',0};
91 static const WCHAR SDDL_OBJECT_INHERIT[]     = {'O','I',0};
92 static const WCHAR SDDL_NO_PROPAGATE[]       = {'N','P',0};
93 static const WCHAR SDDL_INHERIT_ONLY[]       = {'I','O',0};
94 static const WCHAR SDDL_INHERITED[]          = {'I','D',0};
95 static const WCHAR SDDL_AUDIT_SUCCESS[]      = {'S','A',0};
96 static const WCHAR SDDL_AUDIT_FAILURE[]      = {'F','A',0};
97
98 /* set last error code from NT status and get the proper boolean return value */
99 /* used for functions that are a simple wrapper around the corresponding ntdll API */
100 static inline BOOL set_ntstatus( NTSTATUS status )
101 {
102     if (status) SetLastError( RtlNtStatusToDosError( status ));
103     return !status;
104 }
105
106 #define WINE_SIZE_OF_WORLD_ACCESS_ACL   (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD))
107
108 static void GetWorldAccessACL(PACL pACL)
109 {
110     PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1);
111
112     pACL->AclRevision = ACL_REVISION;
113     pACL->Sbz1 = 0;
114     pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL;
115     pACL->AceCount = 1;
116     pACL->Sbz2 = 0;
117
118     pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
119     pACE->Header.AceFlags = CONTAINER_INHERIT_ACE;
120     pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD);
121     pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */
122     memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld));
123 }
124
125 /************************************************************
126  *                ADVAPI_IsLocalComputer
127  *
128  * Checks whether the server name indicates local machine.
129  */
130 static BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
131 {
132     DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
133     BOOL Result;
134     LPWSTR buf;
135
136     if (!ServerName || !ServerName[0])
137         return TRUE;
138     
139     buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
140     Result = GetComputerNameW(buf,  &dwSize);
141     if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
142         ServerName += 2;
143     Result = Result && !lstrcmpW(ServerName, buf);
144     HeapFree(GetProcessHeap(), 0, buf);
145
146     return Result;
147 }
148
149 /*      ##############################
150         ######  TOKEN FUNCTIONS ######
151         ##############################
152 */
153
154 /******************************************************************************
155  * OpenProcessToken                     [ADVAPI32.@]
156  * Opens the access token associated with a process handle.
157  *
158  * PARAMS
159  *   ProcessHandle [I] Handle to process
160  *   DesiredAccess [I] Desired access to process
161  *   TokenHandle   [O] Pointer to handle of open access token
162  *
163  * RETURNS
164  *  Success: TRUE. TokenHandle contains the access token.
165  *  Failure: FALSE.
166  *
167  * NOTES
168  *  See NtOpenProcessToken.
169  */
170 BOOL WINAPI
171 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
172                   HANDLE *TokenHandle )
173 {
174         return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
175 }
176
177 /******************************************************************************
178  * OpenThreadToken [ADVAPI32.@]
179  *
180  * Opens the access token associated with a thread handle.
181  *
182  * PARAMS
183  *   ThreadHandle  [I] Handle to process
184  *   DesiredAccess [I] Desired access to the thread
185  *   OpenAsSelf    [I] ???
186  *   TokenHandle   [O] Destination for the token handle
187  *
188  * RETURNS
189  *  Success: TRUE. TokenHandle contains the access token.
190  *  Failure: FALSE.
191  *
192  * NOTES
193  *  See NtOpenThreadToken.
194  */
195 BOOL WINAPI
196 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
197                  BOOL OpenAsSelf, HANDLE *TokenHandle)
198 {
199         return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
200 }
201
202 BOOL WINAPI
203 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState,
204                    DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength )
205 {
206     return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength,
207                                              PreviousState, ReturnLength));
208 }
209
210 /******************************************************************************
211  * AdjustTokenPrivileges [ADVAPI32.@]
212  *
213  * Adjust the privileges of an open token handle.
214  * 
215  * PARAMS
216  *  TokenHandle          [I]   Handle from OpenProcessToken() or OpenThreadToken() 
217  *  DisableAllPrivileges [I]   TRUE=Remove all privileges, FALSE=Use NewState
218  *  NewState             [I]   Desired new privileges of the token
219  *  BufferLength         [I]   Length of NewState
220  *  PreviousState        [O]   Destination for the previous state
221  *  ReturnLength         [I/O] Size of PreviousState
222  *
223  *
224  * RETURNS
225  *  Success: TRUE. Privileges are set to NewState and PreviousState is updated.
226  *  Failure: FALSE.
227  *
228  * NOTES
229  *  See NtAdjustPrivilegesToken.
230  */
231 BOOL WINAPI
232 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
233                        LPVOID NewState, DWORD BufferLength,
234                        LPVOID PreviousState, LPDWORD ReturnLength )
235 {
236     NTSTATUS status;
237
238     TRACE("\n");
239     
240     status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges,
241                                                      NewState, BufferLength, PreviousState,
242                                                      ReturnLength);
243     SetLastError( RtlNtStatusToDosError( status ));
244     if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED))
245         return TRUE;
246     else
247         return FALSE;
248 }
249
250 /******************************************************************************
251  * CheckTokenMembership [ADVAPI32.@]
252  *
253  * Determine if an access token is a member of a SID.
254  * 
255  * PARAMS
256  *   TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
257  *   SidToCheck  [I] SID that possibly contains the token
258  *   IsMember    [O] Destination for result.
259  *
260  * RETURNS
261  *  Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
262  *  Failure: FALSE.
263  */
264 BOOL WINAPI
265 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
266                       PBOOL IsMember )
267 {
268   FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
269
270   *IsMember = TRUE;
271   return(TRUE);
272 }
273
274 /******************************************************************************
275  * GetTokenInformation [ADVAPI32.@]
276  *
277  * PARAMS
278  *   token           [I] Handle from OpenProcessToken() or OpenThreadToken()
279  *   tokeninfoclass  [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
280  *   tokeninfo       [O] Destination for token information
281  *   tokeninfolength [I] Length of tokeninfo
282  *   retlen          [O] Destination for returned token information length
283  *
284  * RETURNS
285  *  Success: TRUE. tokeninfo contains retlen bytes of token information
286  *  Failure: FALSE.
287  *
288  * NOTES
289  *  See NtQueryInformationToken.
290  */
291 BOOL WINAPI
292 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
293                      LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
294 {
295     TRACE("(%p, %s, %p, %ld, %p): \n",
296           token,
297           (tokeninfoclass == TokenUser) ? "TokenUser" :
298           (tokeninfoclass == TokenGroups) ? "TokenGroups" :
299           (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
300           (tokeninfoclass == TokenOwner) ? "TokenOwner" :
301           (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
302           (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
303           (tokeninfoclass == TokenSource) ? "TokenSource" :
304           (tokeninfoclass == TokenType) ? "TokenType" :
305           (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
306           (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
307           (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
308           (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
309           (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
310           (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
311           (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
312           "Unknown",
313           tokeninfo, tokeninfolength, retlen);
314     return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo,
315                                                   tokeninfolength, retlen));
316 }
317
318 /******************************************************************************
319  * SetTokenInformation [ADVAPI32.@]
320  *
321  * Set information for an access token.
322  *
323  * PARAMS
324  *   token           [I] Handle from OpenProcessToken() or OpenThreadToken()
325  *   tokeninfoclass  [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
326  *   tokeninfo       [I] Token information to set
327  *   tokeninfolength [I] Length of tokeninfo
328  *
329  * RETURNS
330  *  Success: TRUE. The information for the token is set to tokeninfo.
331  *  Failure: FALSE.
332  */
333 BOOL WINAPI
334 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
335                      LPVOID tokeninfo, DWORD tokeninfolength )
336 {
337     TRACE("(%p, %s, %p, %ld): stub\n",
338           token,
339           (tokeninfoclass == TokenUser) ? "TokenUser" :
340           (tokeninfoclass == TokenGroups) ? "TokenGroups" :
341           (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
342           (tokeninfoclass == TokenOwner) ? "TokenOwner" :
343           (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
344           (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
345           (tokeninfoclass == TokenSource) ? "TokenSource" :
346           (tokeninfoclass == TokenType) ? "TokenType" :
347           (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
348           (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
349           (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
350           (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
351           (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
352           (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
353           (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
354           "Unknown",
355           tokeninfo, tokeninfolength);
356
357     return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
358 }
359
360 /*************************************************************************
361  * SetThreadToken [ADVAPI32.@]
362  *
363  * Assigns an 'impersonation token' to a thread so it can assume the
364  * security privileges of another thread or process.  Can also remove
365  * a previously assigned token. 
366  *
367  * PARAMS
368  *   thread          [O] Handle to thread to set the token for
369  *   token           [I] Token to set
370  *
371  * RETURNS
372  *  Success: TRUE. The threads access token is set to token
373  *  Failure: FALSE.
374  *
375  * NOTES
376  *  Only supported on NT or higher. On Win9X this function does nothing.
377  *  See SetTokenInformation.
378  */
379 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
380 {
381     return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(),
382                                                  ThreadImpersonationToken, &token, sizeof token ));
383 }
384
385 /*      ##############################
386         ######  SID FUNCTIONS   ######
387         ##############################
388 */
389
390 /******************************************************************************
391  * AllocateAndInitializeSid [ADVAPI32.@]
392  *
393  * PARAMS
394  *   pIdentifierAuthority []
395  *   nSubAuthorityCount   []
396  *   nSubAuthority0       []
397  *   nSubAuthority1       []
398  *   nSubAuthority2       []
399  *   nSubAuthority3       []
400  *   nSubAuthority4       []
401  *   nSubAuthority5       []
402  *   nSubAuthority6       []
403  *   nSubAuthority7       []
404  *   pSid                 []
405  */
406 BOOL WINAPI
407 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
408                           BYTE nSubAuthorityCount,
409                           DWORD nSubAuthority0, DWORD nSubAuthority1,
410                           DWORD nSubAuthority2, DWORD nSubAuthority3,
411                           DWORD nSubAuthority4, DWORD nSubAuthority5,
412                           DWORD nSubAuthority6, DWORD nSubAuthority7,
413                           PSID *pSid )
414 {
415     return set_ntstatus( RtlAllocateAndInitializeSid(
416                              pIdentifierAuthority, nSubAuthorityCount,
417                              nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
418                              nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
419                              pSid ));
420 }
421
422 /******************************************************************************
423  * FreeSid [ADVAPI32.@]
424  *
425  * PARAMS
426  *   pSid []
427  */
428 PVOID WINAPI
429 FreeSid( PSID pSid )
430 {
431         RtlFreeSid(pSid);
432         return NULL; /* is documented like this */
433 }
434
435 /******************************************************************************
436  * CopySid [ADVAPI32.@]
437  *
438  * PARAMS
439  *   nDestinationSidLength []
440  *   pDestinationSid       []
441  *   pSourceSid            []
442  */
443 BOOL WINAPI
444 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
445 {
446         return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
447 }
448
449 BOOL WINAPI
450 IsTokenRestricted( HANDLE TokenHandle )
451 {
452     TOKEN_GROUPS *groups;
453     DWORD size;
454     NTSTATUS status;
455     BOOL restricted;
456
457     TRACE("(%p)\n", TokenHandle);
458  
459     status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size);
460     if (status != STATUS_BUFFER_TOO_SMALL)
461         return FALSE;
462  
463     groups = HeapAlloc(GetProcessHeap(), 0, size);
464     if (!groups)
465     {
466         SetLastError(ERROR_OUTOFMEMORY);
467         return FALSE;
468     }
469  
470     status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size);
471     if (status != STATUS_SUCCESS)
472     {
473         HeapFree(GetProcessHeap(), 0, groups);
474         return set_ntstatus(status);
475     }
476  
477     if (groups->GroupCount)
478         restricted = TRUE;
479     else
480         restricted = FALSE;
481      
482     HeapFree(GetProcessHeap(), 0, groups);
483  
484     return restricted;
485 }
486
487 /******************************************************************************
488  * IsValidSid [ADVAPI32.@]
489  *
490  * PARAMS
491  *   pSid []
492  */
493 BOOL WINAPI
494 IsValidSid( PSID pSid )
495 {
496         return RtlValidSid( pSid );
497 }
498
499 /******************************************************************************
500  * EqualSid [ADVAPI32.@]
501  *
502  * PARAMS
503  *   pSid1 []
504  *   pSid2 []
505  */
506 BOOL WINAPI
507 EqualSid( PSID pSid1, PSID pSid2 )
508 {
509         return RtlEqualSid( pSid1, pSid2 );
510 }
511
512 /******************************************************************************
513  * EqualPrefixSid [ADVAPI32.@]
514  */
515 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
516 {
517         return RtlEqualPrefixSid(pSid1, pSid2);
518 }
519
520 /******************************************************************************
521  * GetSidLengthRequired [ADVAPI32.@]
522  *
523  * PARAMS
524  *   nSubAuthorityCount []
525  */
526 DWORD WINAPI
527 GetSidLengthRequired( BYTE nSubAuthorityCount )
528 {
529         return RtlLengthRequiredSid(nSubAuthorityCount);
530 }
531
532 /******************************************************************************
533  * InitializeSid [ADVAPI32.@]
534  *
535  * PARAMS
536  *   pIdentifierAuthority []
537  */
538 BOOL WINAPI
539 InitializeSid (
540         PSID pSid,
541         PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
542         BYTE nSubAuthorityCount)
543 {
544         return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
545 }
546
547 DWORD WINAPI
548 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights )
549 {
550     FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
551
552     return 1;
553 }
554
555 DWORD WINAPI
556 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights )
557 {
558     FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights);
559
560     return 1;
561 }
562
563 /******************************************************************************
564  * GetSidIdentifierAuthority [ADVAPI32.@]
565  *
566  * PARAMS
567  *   pSid []
568  */
569 PSID_IDENTIFIER_AUTHORITY WINAPI
570 GetSidIdentifierAuthority( PSID pSid )
571 {
572         return RtlIdentifierAuthoritySid(pSid);
573 }
574
575 /******************************************************************************
576  * GetSidSubAuthority [ADVAPI32.@]
577  *
578  * PARAMS
579  *   pSid          []
580  *   nSubAuthority []
581  */
582 PDWORD WINAPI
583 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
584 {
585         return RtlSubAuthoritySid(pSid, nSubAuthority);
586 }
587
588 /******************************************************************************
589  * GetSidSubAuthorityCount [ADVAPI32.@]
590  *
591  * PARAMS
592  *   pSid []
593  */
594 PUCHAR WINAPI
595 GetSidSubAuthorityCount (PSID pSid)
596 {
597         return RtlSubAuthorityCountSid(pSid);
598 }
599
600 /******************************************************************************
601  * GetLengthSid [ADVAPI32.@]
602  *
603  * PARAMS
604  *   pSid []
605  */
606 DWORD WINAPI
607 GetLengthSid (PSID pSid)
608 {
609         return RtlLengthSid(pSid);
610 }
611
612 /*      ##############################################
613         ######  SECURITY DESCRIPTOR FUNCTIONS   ######
614         ##############################################
615 */
616
617  /****************************************************************************** 
618  * BuildSecurityDescriptorA [ADVAPI32.@]
619  *
620  * Builds a SD from 
621  *
622  * PARAMS
623  *  pOwner                [I]
624  *  pGroup                [I]
625  *  cCountOfAccessEntries [I]
626  *  pListOfAccessEntries  [I]
627  *  cCountOfAuditEntries  [I]
628  *  pListofAuditEntries   [I]
629  *  pOldSD                [I]
630  *  lpdwBufferLength      [I/O]
631  *  pNewSD                [O]
632  */
633 DWORD WINAPI BuildSecurityDescriptorA(
634     IN PTRUSTEE_A pOwner,
635     IN PTRUSTEE_A pGroup,
636     IN DWORD cCountOfAccessEntries,
637     IN PEXPLICIT_ACCESS_A pListOfAccessEntries,
638     IN DWORD cCountOfAuditEntries,
639     IN PEXPLICIT_ACCESS_A pListofAuditEntries,
640     IN PSECURITY_DESCRIPTOR pOldSD,
641     IN OUT PDWORD lpdwBufferLength,
642     OUT PSECURITY_DESCRIPTOR pNewSD)
643
644     FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
645           cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
646           pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
647  
648     return ERROR_CALL_NOT_IMPLEMENTED;
649
650  
651 /******************************************************************************
652  * BuildSecurityDescriptorW [ADVAPI32.@]
653  *
654  * See BuildSecurityDescriptorA.
655  */
656 DWORD WINAPI BuildSecurityDescriptorW(
657     IN PTRUSTEE_W pOwner,
658     IN PTRUSTEE_W pGroup,
659     IN DWORD cCountOfAccessEntries,
660     IN PEXPLICIT_ACCESS_W pListOfAccessEntries,
661     IN DWORD cCountOfAuditEntries,
662     IN PEXPLICIT_ACCESS_W pListofAuditEntries,
663     IN PSECURITY_DESCRIPTOR pOldSD,
664     IN OUT PDWORD lpdwBufferLength,
665     OUT PSECURITY_DESCRIPTOR pNewSD)
666
667     FIXME("(%p,%p,%ld,%p,%ld,%p,%p,%p,%p) stub!\n",pOwner,pGroup,
668           cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries,
669           pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD);
670  
671     return ERROR_CALL_NOT_IMPLEMENTED;
672
673
674 /******************************************************************************
675  * InitializeSecurityDescriptor [ADVAPI32.@]
676  *
677  * PARAMS
678  *   pDescr   []
679  *   revision []
680  */
681 BOOL WINAPI
682 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
683 {
684         return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision ));
685 }
686
687
688 /******************************************************************************
689  * MakeAbsoluteSD [ADVAPI32.@]
690  */
691 BOOL WINAPI MakeAbsoluteSD (
692         IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
693         OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
694         OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
695         OUT PACL pDacl,
696         OUT LPDWORD lpdwDaclSize,
697         OUT PACL pSacl,
698         OUT LPDWORD lpdwSaclSize,
699         OUT PSID pOwner,
700         OUT LPDWORD lpdwOwnerSize,
701         OUT PSID pPrimaryGroup,
702         OUT LPDWORD lpdwPrimaryGroupSize)
703 {
704     return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
705                                                      pAbsoluteSecurityDescriptor,
706                                                      lpdwAbsoluteSecurityDescriptorSize,
707                                                      pDacl, lpdwDaclSize, pSacl, lpdwSaclSize,
708                                                      pOwner, lpdwOwnerSize,
709                                                      pPrimaryGroup, lpdwPrimaryGroupSize));
710 }
711
712 /******************************************************************************
713  * GetKernelObjectSecurity [ADVAPI32.@]
714  */
715 BOOL WINAPI GetKernelObjectSecurity(
716         HANDLE Handle,
717         SECURITY_INFORMATION RequestedInformation,
718         PSECURITY_DESCRIPTOR pSecurityDescriptor,
719         DWORD nLength,
720         LPDWORD lpnLengthNeeded )
721 {
722     TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", Handle, RequestedInformation,
723           pSecurityDescriptor, nLength, lpnLengthNeeded);
724
725     return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
726                                                nLength, lpnLengthNeeded ));
727 }
728
729 /******************************************************************************
730  * GetPrivateObjectSecurity [ADVAPI32.@]
731  */
732 BOOL WINAPI GetPrivateObjectSecurity(
733         PSECURITY_DESCRIPTOR ObjectDescriptor,
734         SECURITY_INFORMATION SecurityInformation,
735         PSECURITY_DESCRIPTOR ResultantDescriptor,
736         DWORD DescriptorLength,
737         PDWORD ReturnLength )
738 {
739     TRACE("(%p,0x%08lx,%p,0x%08lx,%p)\n", ObjectDescriptor, SecurityInformation,
740           ResultantDescriptor, DescriptorLength, ReturnLength);
741
742     return set_ntstatus( NtQuerySecurityObject(ObjectDescriptor, SecurityInformation,
743                                                ResultantDescriptor, DescriptorLength, ReturnLength ));
744 }
745
746 /******************************************************************************
747  * GetSecurityDescriptorLength [ADVAPI32.@]
748  */
749 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
750 {
751         return RtlLengthSecurityDescriptor(pDescr);
752 }
753
754 /******************************************************************************
755  * GetSecurityDescriptorOwner [ADVAPI32.@]
756  *
757  * PARAMS
758  *   pOwner            []
759  *   lpbOwnerDefaulted []
760  */
761 BOOL WINAPI
762 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
763                             LPBOOL lpbOwnerDefaulted )
764 {
765     BOOLEAN defaulted;
766     BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted ));
767     *lpbOwnerDefaulted = defaulted;
768     return ret;
769 }
770
771 /******************************************************************************
772  * SetSecurityDescriptorOwner [ADVAPI32.@]
773  *
774  * PARAMS
775  */
776 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
777                                    PSID pOwner, BOOL bOwnerDefaulted)
778 {
779     return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
780 }
781 /******************************************************************************
782  * GetSecurityDescriptorGroup                   [ADVAPI32.@]
783  */
784 BOOL WINAPI GetSecurityDescriptorGroup(
785         PSECURITY_DESCRIPTOR SecurityDescriptor,
786         PSID *Group,
787         LPBOOL GroupDefaulted)
788 {
789     BOOLEAN defaulted;
790     BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted ));
791     *GroupDefaulted = defaulted;
792     return ret;
793 }
794 /******************************************************************************
795  * SetSecurityDescriptorGroup [ADVAPI32.@]
796  */
797 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
798                                            PSID Group, BOOL GroupDefaulted)
799 {
800     return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
801 }
802
803 /******************************************************************************
804  * IsValidSecurityDescriptor [ADVAPI32.@]
805  *
806  * PARAMS
807  *   lpsecdesc []
808  */
809 BOOL WINAPI
810 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
811 {
812     return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor));
813 }
814
815 /******************************************************************************
816  *  GetSecurityDescriptorDacl                   [ADVAPI32.@]
817  */
818 BOOL WINAPI GetSecurityDescriptorDacl(
819         IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
820         OUT LPBOOL lpbDaclPresent,
821         OUT PACL *pDacl,
822         OUT LPBOOL lpbDaclDefaulted)
823 {
824     BOOLEAN present, defaulted;
825     BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted));
826     *lpbDaclPresent = present;
827     *lpbDaclDefaulted = defaulted;
828     return ret;
829 }
830
831 /******************************************************************************
832  *  SetSecurityDescriptorDacl                   [ADVAPI32.@]
833  */
834 BOOL WINAPI
835 SetSecurityDescriptorDacl (
836         PSECURITY_DESCRIPTOR lpsd,
837         BOOL daclpresent,
838         PACL dacl,
839         BOOL dacldefaulted )
840 {
841     return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) );
842 }
843 /******************************************************************************
844  *  GetSecurityDescriptorSacl                   [ADVAPI32.@]
845  */
846 BOOL WINAPI GetSecurityDescriptorSacl(
847         IN PSECURITY_DESCRIPTOR lpsd,
848         OUT LPBOOL lpbSaclPresent,
849         OUT PACL *pSacl,
850         OUT LPBOOL lpbSaclDefaulted)
851 {
852     BOOLEAN present, defaulted;
853     BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) );
854     *lpbSaclPresent = present;
855     *lpbSaclDefaulted = defaulted;
856     return ret;
857 }
858
859 /**************************************************************************
860  * SetSecurityDescriptorSacl                    [ADVAPI32.@]
861  */
862 BOOL WINAPI SetSecurityDescriptorSacl (
863         PSECURITY_DESCRIPTOR lpsd,
864         BOOL saclpresent,
865         PACL lpsacl,
866         BOOL sacldefaulted)
867 {
868     return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
869 }
870 /******************************************************************************
871  * MakeSelfRelativeSD [ADVAPI32.@]
872  *
873  * PARAMS
874  *   lpabssecdesc  []
875  *   lpselfsecdesc []
876  *   lpbuflen      []
877  */
878 BOOL WINAPI
879 MakeSelfRelativeSD(
880         IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
881         IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
882         IN OUT LPDWORD lpdwBufferLength)
883 {
884     return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor,
885                                                 pSelfRelativeSecurityDescriptor, lpdwBufferLength));
886 }
887
888 /******************************************************************************
889  * GetSecurityDescriptorControl                 [ADVAPI32.@]
890  */
891
892 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR  pSecurityDescriptor,
893                  PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
894 {
895     return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
896 }
897
898 /*      ##############################
899         ######  ACL FUNCTIONS   ######
900         ##############################
901 */
902
903 /*************************************************************************
904  * InitializeAcl [ADVAPI32.@]
905  */
906 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
907 {
908     return set_ntstatus( RtlCreateAcl(acl, size, rev));
909 }
910
911 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
912 {
913     TRACE("(%p)\n", hNamedPipe);
914
915     return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, NULL,
916                          FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
917 }
918
919 /******************************************************************************
920  *  AddAccessAllowedAce [ADVAPI32.@]
921  */
922 BOOL WINAPI AddAccessAllowedAce(
923         IN OUT PACL pAcl,
924         IN DWORD dwAceRevision,
925         IN DWORD AccessMask,
926         IN PSID pSid)
927 {
928     return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
929 }
930
931 /******************************************************************************
932  *  AddAccessAllowedAceEx [ADVAPI32.@]
933  */
934 BOOL WINAPI AddAccessAllowedAceEx(
935         IN OUT PACL pAcl,
936         IN DWORD dwAceRevision,
937         IN DWORD AceFlags,
938         IN DWORD AccessMask,
939         IN PSID pSid)
940 {
941     return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
942 }
943
944 /******************************************************************************
945  *  AddAccessDeniedAce [ADVAPI32.@]
946  */
947 BOOL WINAPI AddAccessDeniedAce(
948         IN OUT PACL pAcl,
949         IN DWORD dwAceRevision,
950         IN DWORD AccessMask,
951         IN PSID pSid)
952 {
953     return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
954 }
955
956 /******************************************************************************
957  *  AddAccessDeniedAceEx [ADVAPI32.@]
958  */
959 BOOL WINAPI AddAccessDeniedAceEx(
960         IN OUT PACL pAcl,
961         IN DWORD dwAceRevision,
962         IN DWORD AceFlags,
963         IN DWORD AccessMask,
964         IN PSID pSid)
965 {
966     return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
967 }
968
969 /******************************************************************************
970  *  AddAce [ADVAPI32.@]
971  */
972 BOOL WINAPI AddAce(
973         IN OUT PACL pAcl,
974         IN DWORD dwAceRevision,
975         IN DWORD dwStartingAceIndex,
976         LPVOID pAceList,
977         DWORD nAceListLength)
978 {
979     return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
980 }
981
982 /******************************************************************************
983  * DeleteAce [ADVAPI32.@]
984  */
985 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
986 {
987     return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
988 }
989
990 /******************************************************************************
991  *  FindFirstFreeAce [ADVAPI32.@]
992  */
993 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
994 {
995         return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
996 }
997
998 /******************************************************************************
999  * GetAce [ADVAPI32.@]
1000  */
1001 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1002 {
1003     return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1004 }
1005
1006 /******************************************************************************
1007  * GetAclInformation [ADVAPI32.@]
1008  */
1009 BOOL WINAPI GetAclInformation(
1010   PACL pAcl,
1011   LPVOID pAclInformation,
1012   DWORD nAclInformationLength,
1013   ACL_INFORMATION_CLASS dwAclInformationClass)
1014 {
1015     return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1016                                                nAclInformationLength, dwAclInformationClass));
1017 }
1018
1019 /******************************************************************************
1020  *  IsValidAcl [ADVAPI32.@]
1021  */
1022 BOOL WINAPI IsValidAcl(IN PACL pAcl)
1023 {
1024         return RtlValidAcl(pAcl);
1025 }
1026
1027 /*      ##############################
1028         ######  MISC FUNCTIONS  ######
1029         ##############################
1030 */
1031
1032 /******************************************************************************
1033  * AllocateLocallyUniqueId [ADVAPI32.@]
1034  *
1035  * PARAMS
1036  *   lpLuid []
1037  */
1038 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
1039 {
1040     return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid));
1041 }
1042
1043 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
1044  { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1045 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
1046  { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
1047 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
1048  { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
1049 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
1050  { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
1051 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
1052  { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
1053 static const WCHAR SE_TCB_NAME_W[] =
1054  { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
1055 static const WCHAR SE_SECURITY_NAME_W[] =
1056  { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1057 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
1058  { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
1059 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
1060  { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
1061 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
1062  { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1063 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
1064  { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
1065 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
1066  { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
1067 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
1068  { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
1069 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
1070  { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
1071 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
1072  { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1073 static const WCHAR SE_BACKUP_NAME_W[] =
1074  { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
1075 static const WCHAR SE_RESTORE_NAME_W[] =
1076  { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
1077 static const WCHAR SE_SHUTDOWN_NAME_W[] =
1078  { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1079 static const WCHAR SE_DEBUG_NAME_W[] =
1080  { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
1081 static const WCHAR SE_AUDIT_NAME_W[] =
1082  { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
1083 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
1084  { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1085 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
1086  { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
1087 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
1088  { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
1089 static const WCHAR SE_UNDOCK_NAME_W[] =
1090  { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
1091 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
1092  { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
1093 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
1094  { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
1095 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
1096  { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
1097 static const WCHAR SE_IMPERSONATE_NAME_W[] =
1098  { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
1099 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
1100  { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
1101
1102 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
1103 {
1104     NULL,
1105     NULL,
1106     SE_CREATE_TOKEN_NAME_W,
1107     SE_ASSIGNPRIMARYTOKEN_NAME_W,
1108     SE_LOCK_MEMORY_NAME_W,
1109     SE_INCREASE_QUOTA_NAME_W,
1110     SE_MACHINE_ACCOUNT_NAME_W,
1111     SE_TCB_NAME_W,
1112     SE_SECURITY_NAME_W,
1113     SE_TAKE_OWNERSHIP_NAME_W,
1114     SE_LOAD_DRIVER_NAME_W,
1115     SE_SYSTEM_PROFILE_NAME_W,
1116     SE_SYSTEMTIME_NAME_W,
1117     SE_PROF_SINGLE_PROCESS_NAME_W,
1118     SE_INC_BASE_PRIORITY_NAME_W,
1119     SE_CREATE_PAGEFILE_NAME_W,
1120     SE_CREATE_PERMANENT_NAME_W,
1121     SE_BACKUP_NAME_W,
1122     SE_RESTORE_NAME_W,
1123     SE_SHUTDOWN_NAME_W,
1124     SE_DEBUG_NAME_W,
1125     SE_AUDIT_NAME_W,
1126     SE_SYSTEM_ENVIRONMENT_NAME_W,
1127     SE_CHANGE_NOTIFY_NAME_W,
1128     SE_REMOTE_SHUTDOWN_NAME_W,
1129     SE_UNDOCK_NAME_W,
1130     SE_SYNC_AGENT_NAME_W,
1131     SE_ENABLE_DELEGATION_NAME_W,
1132     SE_MANAGE_VOLUME_NAME_W,
1133     SE_IMPERSONATE_NAME_W,
1134     SE_CREATE_GLOBAL_NAME_W,
1135 };
1136
1137 /******************************************************************************
1138  * LookupPrivilegeValueW                        [ADVAPI32.@]
1139  *
1140  * See LookupPrivilegeValueA.
1141  */
1142 BOOL WINAPI
1143 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
1144 {
1145     UINT i;
1146
1147     TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
1148
1149     if (!ADVAPI_IsLocalComputer(lpSystemName))
1150     {
1151         SetLastError(RPC_S_SERVER_UNAVAILABLE);
1152         return FALSE;
1153     }
1154     if (!lpName)
1155     {
1156         SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1157         return FALSE;
1158     }
1159     for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
1160     {
1161         if( !WellKnownPrivNames[i] )
1162             continue;
1163         if( strcmpiW( WellKnownPrivNames[i], lpName) )
1164             continue;
1165         lpLuid->LowPart = i;
1166         lpLuid->HighPart = 0;
1167         TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
1168                lpLuid->HighPart, lpLuid->LowPart );
1169         return TRUE;
1170     }
1171     SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1172     return FALSE;
1173 }
1174
1175 /******************************************************************************
1176  * LookupPrivilegeValueA                        [ADVAPI32.@]
1177  *
1178  * Retrieves LUID used on a system to represent the privilege name.
1179  *
1180  * PARAMS
1181  *  lpSystemName [I] Name of the system
1182  *  lpName       [I] Name of the privilege
1183  *  lpLuid       [O] Destination for the resulting LUID
1184  *
1185  * RETURNS
1186  *  Success: TRUE. lpLuid contains the requested LUID.
1187  *  Failure: FALSE.
1188  */
1189 BOOL WINAPI
1190 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1191 {
1192     UNICODE_STRING lpSystemNameW;
1193     UNICODE_STRING lpNameW;
1194     BOOL ret;
1195
1196     RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1197     RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1198     ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1199     RtlFreeUnicodeString(&lpNameW);
1200     RtlFreeUnicodeString(&lpSystemNameW);
1201     return ret;
1202 }
1203
1204 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName,
1205                                          LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1206 {
1207     FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName),
1208           debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId);
1209
1210     return FALSE;
1211 }
1212
1213 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName,
1214                                          LPDWORD cchDisplayName, LPDWORD lpLanguageId )
1215 {
1216     FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName),
1217           debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId);
1218
1219     return FALSE;
1220 }
1221
1222 /******************************************************************************
1223  * LookupPrivilegeNameA                 [ADVAPI32.@]
1224  *
1225  * See LookupPrivilegeNameW
1226  */
1227 BOOL WINAPI
1228 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1229  LPDWORD cchName)
1230 {
1231     UNICODE_STRING lpSystemNameW;
1232     BOOL ret;
1233     DWORD wLen = 0;
1234
1235     TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1236
1237     RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1238     ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1239     if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1240     {
1241         LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1242
1243         ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1244          &wLen);
1245         if (ret)
1246         {
1247             /* Windows crashes if cchName is NULL, so will I */
1248             int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1249              *cchName, NULL, NULL);
1250
1251             if (len == 0)
1252             {
1253                 /* WideCharToMultiByte failed */
1254                 ret = FALSE;
1255             }
1256             else if (len > *cchName)
1257             {
1258                 *cchName = len;
1259                 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1260                 ret = FALSE;
1261             }
1262             else
1263             {
1264                 /* WideCharToMultiByte succeeded, output length needs to be
1265                  * length not including NULL terminator
1266                  */
1267                 *cchName = len - 1;
1268             }
1269         }
1270         HeapFree(GetProcessHeap(), 0, lpNameW);
1271     }
1272     RtlFreeUnicodeString(&lpSystemNameW);
1273     return ret;
1274 }
1275
1276 /******************************************************************************
1277  * LookupPrivilegeNameW                 [ADVAPI32.@]
1278  *
1279  * Retrieves the privilege name referred to by the LUID lpLuid.
1280  *
1281  * PARAMS
1282  *  lpSystemName [I]   Name of the system
1283  *  lpLuid       [I]   Privilege value
1284  *  lpName       [O]   Name of the privilege
1285  *  cchName      [I/O] Number of characters in lpName.
1286  *
1287  * RETURNS
1288  *  Success: TRUE. lpName contains the name of the privilege whose value is
1289  *  *lpLuid.
1290  *  Failure: FALSE.
1291  *
1292  * REMARKS
1293  *  Only well-known privilege names (those defined in winnt.h) can be retrieved
1294  *  using this function.
1295  *  If the length of lpName is too small, on return *cchName will contain the
1296  *  number of WCHARs needed to contain the privilege, including the NULL
1297  *  terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1298  *  On success, *cchName will contain the number of characters stored in
1299  *  lpName, NOT including the NULL terminator.
1300  */
1301 BOOL WINAPI
1302 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1303  LPDWORD cchName)
1304 {
1305     size_t privNameLen;
1306
1307     TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1308
1309     if (!ADVAPI_IsLocalComputer(lpSystemName))
1310     {
1311         SetLastError(RPC_S_SERVER_UNAVAILABLE);
1312         return FALSE;
1313     }
1314     if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1315      lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1316     {
1317         SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1318         return FALSE;
1319     }
1320     privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1321     /* Windows crashes if cchName is NULL, so will I */
1322     if (*cchName <= privNameLen)
1323     {
1324         *cchName = privNameLen + 1;
1325         SetLastError(ERROR_INSUFFICIENT_BUFFER);
1326         return FALSE;
1327     }
1328     else
1329     {
1330         strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1331         *cchName = privNameLen;
1332         return TRUE;
1333     }
1334 }
1335
1336 /******************************************************************************
1337  * GetFileSecurityA [ADVAPI32.@]
1338  *
1339  * Obtains Specified information about the security of a file or directory.
1340  *
1341  * PARAMS
1342  *  lpFileName           [I] Name of the file to get info for
1343  *  RequestedInformation [I] SE_ flags from "winnt.h"
1344  *  pSecurityDescriptor  [O] Destination for security information
1345  *  nLength              [I] Length of pSecurityDescriptor
1346  *  lpnLengthNeeded      [O] Destination for length of returned security information
1347  *
1348  * RETURNS
1349  *  Success: TRUE. pSecurityDescriptor contains the requested information.
1350  *  Failure: FALSE. lpnLengthNeeded contains the required space to return the info. 
1351  *
1352  * NOTES
1353  *  The information returned is constrained by the callers access rights and
1354  *  privileges.
1355  */
1356 BOOL WINAPI
1357 GetFileSecurityA( LPCSTR lpFileName,
1358                     SECURITY_INFORMATION RequestedInformation,
1359                     PSECURITY_DESCRIPTOR pSecurityDescriptor,
1360                     DWORD nLength, LPDWORD lpnLengthNeeded )
1361 {
1362     DWORD len;
1363     BOOL r;
1364     LPWSTR name = NULL;
1365
1366     if( lpFileName )
1367     {
1368         len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1369         name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1370         MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1371     }
1372
1373     r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1374                           nLength, lpnLengthNeeded );
1375     HeapFree( GetProcessHeap(), 0, name );
1376
1377     return r;
1378 }
1379
1380 /******************************************************************************
1381  * GetFileSecurityW [ADVAPI32.@]
1382  *
1383  * See GetFileSecurityA.
1384  */
1385 BOOL WINAPI
1386 GetFileSecurityW( LPCWSTR lpFileName,
1387                     SECURITY_INFORMATION RequestedInformation,
1388                     PSECURITY_DESCRIPTOR pSecurityDescriptor,
1389                     DWORD nLength, LPDWORD lpnLengthNeeded )
1390 {
1391     DWORD               nNeeded;
1392     LPBYTE      pBuffer;
1393     DWORD               iLocNow;
1394     SECURITY_DESCRIPTOR_RELATIVE *pSDRelative;
1395
1396     if(INVALID_FILE_ATTRIBUTES == GetFileAttributesW(lpFileName))
1397         return FALSE;
1398
1399     FIXME("(%s) : returns fake SECURITY_DESCRIPTOR\n", debugstr_w(lpFileName) );
1400
1401     nNeeded = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1402     if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1403         nNeeded += sizeof(sidWorld);
1404     if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1405         nNeeded += sizeof(sidWorld);
1406     if (RequestedInformation & DACL_SECURITY_INFORMATION)
1407         nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1408     if (RequestedInformation & SACL_SECURITY_INFORMATION)
1409         nNeeded += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1410
1411     *lpnLengthNeeded = nNeeded;
1412
1413     if (nNeeded > nLength)
1414             return TRUE;
1415
1416     if (!InitializeSecurityDescriptor(pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
1417         return FALSE;
1418
1419     pSDRelative = (PISECURITY_DESCRIPTOR_RELATIVE) pSecurityDescriptor;
1420     pSDRelative->Control |= SE_SELF_RELATIVE;
1421     pBuffer = (LPBYTE) pSDRelative;
1422     iLocNow = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
1423
1424     if (RequestedInformation & OWNER_SECURITY_INFORMATION)
1425     {
1426         memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1427         pSDRelative->Owner = iLocNow;
1428         iLocNow += sizeof(sidWorld);
1429     }
1430     if (RequestedInformation & GROUP_SECURITY_INFORMATION)
1431     {
1432         memcpy(pBuffer + iLocNow, &sidWorld, sizeof(sidWorld));
1433         pSDRelative->Group = iLocNow;
1434         iLocNow += sizeof(sidWorld);
1435     }
1436     if (RequestedInformation & DACL_SECURITY_INFORMATION)
1437     {
1438         GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1439         pSDRelative->Dacl = iLocNow;
1440         iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL;
1441     }
1442     if (RequestedInformation & SACL_SECURITY_INFORMATION)
1443     {
1444         GetWorldAccessACL((PACL) (pBuffer + iLocNow));
1445         pSDRelative->Sacl = iLocNow;
1446         /* iLocNow += WINE_SIZE_OF_WORLD_ACCESS_ACL; */
1447     }
1448     return TRUE;
1449 }
1450
1451
1452 /******************************************************************************
1453  * LookupAccountSidA [ADVAPI32.@]
1454  */
1455 BOOL WINAPI
1456 LookupAccountSidA(
1457         IN LPCSTR system,
1458         IN PSID sid,
1459         OUT LPSTR account,
1460         IN OUT LPDWORD accountSize,
1461         OUT LPSTR domain,
1462         IN OUT LPDWORD domainSize,
1463         OUT PSID_NAME_USE name_use )
1464 {
1465         static const char ac[] = "Administrator";
1466         static const char dm[] = "DOMAIN";
1467         FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1468               debugstr_a(system),sid,
1469               account,accountSize,accountSize?*accountSize:0,
1470               domain,domainSize,domainSize?*domainSize:0,
1471               name_use);
1472
1473         if (accountSize) *accountSize = strlen(ac)+1;
1474         if (account && (*accountSize > strlen(ac)))
1475           strcpy(account, ac);
1476
1477         if (domainSize) *domainSize = strlen(dm)+1;
1478         if (domain && (*domainSize > strlen(dm)))
1479           strcpy(domain,dm);
1480
1481         if (name_use) *name_use = SidTypeUser;
1482         return TRUE;
1483 }
1484
1485 /******************************************************************************
1486  * LookupAccountSidW [ADVAPI32.@]
1487  *
1488  * PARAMS
1489  *   system      []
1490  *   sid         []
1491  *   account     []
1492  *   accountSize []
1493  *   domain      []
1494  *   domainSize  []
1495  *   name_use    []
1496  */
1497 BOOL WINAPI
1498 LookupAccountSidW(
1499         IN LPCWSTR system,
1500         IN PSID sid,
1501         OUT LPWSTR account,
1502         IN OUT LPDWORD accountSize,
1503         OUT LPWSTR domain,
1504         IN OUT LPDWORD domainSize,
1505         OUT PSID_NAME_USE name_use )
1506 {
1507     static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1508     static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1509         FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1510               debugstr_w(system),sid,
1511               account,accountSize,accountSize?*accountSize:0,
1512               domain,domainSize,domainSize?*domainSize:0,
1513               name_use);
1514
1515         if (accountSize) *accountSize = strlenW(ac)+1;
1516         if (account && (*accountSize > strlenW(ac)))
1517             strcpyW(account, ac);
1518
1519         if (domainSize) *domainSize = strlenW(dm)+1;
1520         if (domain && (*domainSize > strlenW(dm)))
1521             strcpyW(domain,dm);
1522
1523         if (name_use) *name_use = SidTypeUser;
1524         return TRUE;
1525 }
1526
1527 /******************************************************************************
1528  * SetFileSecurityA [ADVAPI32.@]
1529  * Sets the security of a file or directory
1530  */
1531 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1532                                 SECURITY_INFORMATION RequestedInformation,
1533                                 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1534 {
1535     DWORD len;
1536     BOOL r;
1537     LPWSTR name = NULL;
1538
1539     if( lpFileName )
1540     {
1541         len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1542         name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1543         MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1544     }
1545
1546     r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1547     HeapFree( GetProcessHeap(), 0, name );
1548
1549     return r;
1550 }
1551
1552 /******************************************************************************
1553  * SetFileSecurityW [ADVAPI32.@]
1554  * Sets the security of a file or directory
1555  *
1556  * PARAMS
1557  *   lpFileName           []
1558  *   RequestedInformation []
1559  *   pSecurityDescriptor  []
1560  */
1561 BOOL WINAPI
1562 SetFileSecurityW( LPCWSTR lpFileName,
1563                     SECURITY_INFORMATION RequestedInformation,
1564                     PSECURITY_DESCRIPTOR pSecurityDescriptor )
1565 {
1566   FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1567   return TRUE;
1568 }
1569
1570 /******************************************************************************
1571  * QueryWindows31FilesMigration [ADVAPI32.@]
1572  *
1573  * PARAMS
1574  *   x1 []
1575  */
1576 BOOL WINAPI
1577 QueryWindows31FilesMigration( DWORD x1 )
1578 {
1579         FIXME("(%ld):stub\n",x1);
1580         return TRUE;
1581 }
1582
1583 /******************************************************************************
1584  * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1585  *
1586  * PARAMS
1587  *   x1 []
1588  *   x2 []
1589  *   x3 []
1590  *   x4 []
1591  */
1592 BOOL WINAPI
1593 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1594                                                DWORD x4 )
1595 {
1596         FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1597         return TRUE;
1598 }
1599
1600 /******************************************************************************
1601  * NotifyBootConfigStatus [ADVAPI32.@]
1602  *
1603  * PARAMS
1604  *   x1 []
1605  */
1606 BOOL WINAPI
1607 NotifyBootConfigStatus( DWORD x1 )
1608 {
1609         FIXME("(0x%08lx):stub\n",x1);
1610         return 1;
1611 }
1612
1613 /******************************************************************************
1614  * RevertToSelf [ADVAPI32.@]
1615  *
1616  * Ends the impersonation of a user.
1617  *
1618  * PARAMS
1619  *   void []
1620  *
1621  * RETURNS
1622  *  Success: TRUE.
1623  *  Failure: FALSE.
1624  */
1625 BOOL WINAPI
1626 RevertToSelf( void )
1627 {
1628     HANDLE Token = NULL;
1629     return set_ntstatus( NtSetInformationThread( GetCurrentThread(),
1630         ThreadImpersonationToken, &Token, sizeof(Token) ) );
1631 }
1632
1633 /******************************************************************************
1634  * ImpersonateSelf [ADVAPI32.@]
1635  *
1636  * Makes an impersonation token that represents the process user and assigns
1637  * to the current thread.
1638  *
1639  * PARAMS
1640  *  ImpersonationLevel [I] Level at which to impersonate.
1641  *
1642  * RETURNS
1643  *  Success: TRUE.
1644  *  Failure: FALSE.
1645  */
1646 BOOL WINAPI
1647 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1648 {
1649     return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) );
1650 }
1651
1652 /******************************************************************************
1653  * ImpersonateLoggedOnUser [ADVAPI32.@]
1654  */
1655 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1656 {
1657     FIXME("(%p):stub returning FALSE\n", hToken);
1658     return FALSE;
1659 }
1660
1661 /******************************************************************************
1662  * AccessCheck [ADVAPI32.@]
1663  */
1664 BOOL WINAPI
1665 AccessCheck(
1666         PSECURITY_DESCRIPTOR SecurityDescriptor,
1667         HANDLE ClientToken,
1668         DWORD DesiredAccess,
1669         PGENERIC_MAPPING GenericMapping,
1670         PPRIVILEGE_SET PrivilegeSet,
1671         LPDWORD PrivilegeSetLength,
1672         LPDWORD GrantedAccess,
1673         LPBOOL AccessStatus)
1674 {
1675     NTSTATUS access_status;
1676     BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1677                                            GenericMapping, PrivilegeSet, PrivilegeSetLength,
1678                                            GrantedAccess, &access_status) );
1679     if (ret) *AccessStatus = set_ntstatus( access_status );
1680     return ret;
1681 }
1682
1683
1684 /******************************************************************************
1685  * AccessCheckByType [ADVAPI32.@]
1686  */
1687 BOOL WINAPI AccessCheckByType(
1688     PSECURITY_DESCRIPTOR pSecurityDescriptor, 
1689     PSID PrincipalSelfSid,
1690     HANDLE ClientToken, 
1691     DWORD DesiredAccess, 
1692     POBJECT_TYPE_LIST ObjectTypeList,
1693     DWORD ObjectTypeListLength,
1694     PGENERIC_MAPPING GenericMapping,
1695     PPRIVILEGE_SET PrivilegeSet,
1696     LPDWORD PrivilegeSetLength, 
1697     LPDWORD GrantedAccess,
1698     LPBOOL AccessStatus)
1699 {
1700         FIXME("stub\n");
1701
1702         *AccessStatus = TRUE;
1703
1704         return !*AccessStatus;
1705 }
1706
1707 /******************************************************************************
1708  * MapGenericMask [ADVAPI32.@]
1709  *
1710  * Maps generic access rights into specific access rights according to the
1711  * supplied mapping.
1712  *
1713  * PARAMS
1714  *  AccessMask     [I/O] Access rights.
1715  *  GenericMapping [I] The mapping between generic and specific rights.
1716  *
1717  * RETURNS
1718  *  Nothing.
1719  */
1720 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping )
1721 {
1722     RtlMapGenericMask( AccessMask, GenericMapping );
1723 }
1724
1725 /*************************************************************************
1726  * SetKernelObjectSecurity [ADVAPI32.@]
1727  */
1728 BOOL WINAPI SetKernelObjectSecurity (
1729         IN HANDLE Handle,
1730         IN SECURITY_INFORMATION SecurityInformation,
1731         IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1732 {
1733     return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1734 }
1735
1736
1737 /******************************************************************************
1738  *  AddAuditAccessAce [ADVAPI32.@]
1739  */
1740 BOOL WINAPI AddAuditAccessAce(
1741     IN OUT PACL pAcl, 
1742     IN DWORD dwAceRevision, 
1743     IN DWORD dwAccessMask, 
1744     IN PSID pSid, 
1745     IN BOOL bAuditSuccess, 
1746     IN BOOL bAuditFailure) 
1747 {
1748     return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid, 
1749                                               bAuditSuccess, bAuditFailure) ); 
1750 }
1751
1752 /******************************************************************************
1753  * LookupAccountNameA [ADVAPI32.@]
1754  */
1755 BOOL WINAPI
1756 LookupAccountNameA(
1757         IN LPCSTR system,
1758         IN LPCSTR account,
1759         OUT PSID sid,
1760         OUT LPDWORD cbSid,
1761         LPSTR ReferencedDomainName,
1762         IN OUT LPDWORD cbReferencedDomainName,
1763         OUT PSID_NAME_USE name_use )
1764 {
1765     /* Default implementation: Always return a default SID */
1766     SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
1767     BOOL ret;
1768     PSID pSid;
1769     static const char dm[] = "DOMAIN";
1770
1771     FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1772
1773     ret = AllocateAndInitializeSid(&identifierAuthority,
1774         2,
1775         SECURITY_BUILTIN_DOMAIN_RID,
1776         DOMAIN_ALIAS_RID_ADMINS,
1777         0, 0, 0, 0, 0, 0,
1778         &pSid);
1779
1780     if (!ret)
1781        return FALSE;
1782     if(!RtlValidSid(pSid))
1783     {
1784        FreeSid(pSid);
1785        return FALSE;
1786     }
1787
1788     if (sid != NULL && (*cbSid >= GetLengthSid(pSid)))
1789        CopySid(*cbSid, sid, pSid);
1790     if (*cbSid < GetLengthSid(pSid))
1791     {
1792        SetLastError(ERROR_INSUFFICIENT_BUFFER);
1793        ret = FALSE;
1794     }
1795     *cbSid = GetLengthSid(pSid);
1796     
1797     if (ReferencedDomainName != NULL && (*cbReferencedDomainName > strlen(dm)))
1798       strcpy(ReferencedDomainName, dm);
1799     if (*cbReferencedDomainName <= strlen(dm))
1800     {
1801        SetLastError(ERROR_INSUFFICIENT_BUFFER);
1802        ret = FALSE;
1803     }
1804     *cbReferencedDomainName = strlen(dm)+1;
1805
1806     FreeSid(pSid);
1807
1808     return ret;
1809 }
1810
1811 /******************************************************************************
1812  * LookupAccountNameW [ADVAPI32.@]
1813  */
1814 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid,
1815                                 LPDWORD cbSid, LPWSTR ReferencedDomainName,
1816                                 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse )
1817 {
1818     FIXME("%s %s %p %p %p %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName),
1819           Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse);
1820
1821     return FALSE;
1822 }
1823
1824 /******************************************************************************
1825  * PrivilegeCheck [ADVAPI32.@]
1826  */
1827 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1828 {
1829     BOOL ret;
1830     BOOLEAN Result;
1831
1832     TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1833
1834     ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result));
1835     if (ret)
1836         *pfResult = Result;
1837     return ret;
1838 }
1839
1840 /******************************************************************************
1841  * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1842  */
1843 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1844   LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1845   PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1846   LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1847 {
1848         FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1849                 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1850                 SecurityDescriptor, DesiredAccess, GenericMapping,
1851                 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1852         return TRUE;
1853 }
1854
1855 /******************************************************************************
1856  * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1857  */
1858 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1859   LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1860   PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1861   LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1862 {
1863         FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1864                 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1865                 SecurityDescriptor, DesiredAccess, GenericMapping,
1866                 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1867         return TRUE;
1868 }
1869
1870 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
1871 {
1872     FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose);
1873
1874     return TRUE;
1875 }
1876
1877 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose)
1878 {
1879     FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose);
1880
1881     return TRUE;
1882 }
1883
1884 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName,
1885   LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
1886   DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
1887   LPBOOL GenerateOnClose)
1888 {
1889         FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_a(SubsystemName),
1890                 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor,
1891         ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
1892         GenerateOnClose);
1893
1894     return TRUE;
1895 }
1896
1897 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName,
1898   LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess,
1899   DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted,
1900   LPBOOL GenerateOnClose)
1901 {
1902     FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08lx,0x%08lx,%p,%x,%x,%p)\n", debugstr_w(SubsystemName),
1903         HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor,
1904         ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted,
1905         GenerateOnClose);
1906
1907     return TRUE;
1908 }
1909
1910 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
1911   DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1912 {
1913     FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken,
1914           DesiredAccess, Privileges, AccessGranted);
1915
1916     return TRUE;
1917 }
1918
1919 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken,
1920   DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1921 {
1922     FIXME("stub (%s,%p,%p,0x%08lx,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken,
1923           DesiredAccess, Privileges, AccessGranted);
1924
1925     return TRUE;
1926 }
1927
1928 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken,
1929                                    PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1930 {
1931     FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName),
1932           ClientToken, Privileges, AccessGranted);
1933
1934     return TRUE;
1935 }
1936
1937 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken,
1938                                    PPRIVILEGE_SET Privileges, BOOL AccessGranted)
1939 {
1940     FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName),
1941           ClientToken, Privileges, AccessGranted);
1942
1943     return TRUE;
1944 }
1945
1946 /******************************************************************************
1947  * GetSecurityInfo [ADVAPI32.@]
1948  */
1949 DWORD WINAPI GetSecurityInfo(
1950     HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1951     SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
1952     PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
1953     PSECURITY_DESCRIPTOR *ppSecurityDescriptor
1954 )
1955 {
1956   FIXME("stub!\n");
1957   return ERROR_BAD_PROVIDER;
1958 }
1959
1960 /******************************************************************************
1961  * GetSecurityInfoExW [ADVAPI32.@]
1962  */
1963 DWORD WINAPI GetSecurityInfoExW(
1964         HANDLE hObject, SE_OBJECT_TYPE ObjectType, 
1965         SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1966         LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, 
1967         PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1968 )
1969 {
1970   FIXME("stub!\n");
1971   return ERROR_BAD_PROVIDER; 
1972 }
1973
1974 /******************************************************************************
1975  * BuildExplicitAccessWithNameA [ADVAPI32.@]
1976  */
1977 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess,
1978                                           LPSTR pTrusteeName, DWORD AccessPermissions,
1979                                           ACCESS_MODE AccessMode, DWORD Inheritance )
1980 {
1981     TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_a(pTrusteeName),
1982           AccessPermissions, AccessMode, Inheritance);
1983
1984     pExplicitAccess->grfAccessPermissions = AccessPermissions;
1985     pExplicitAccess->grfAccessMode = AccessMode;
1986     pExplicitAccess->grfInheritance = Inheritance;
1987
1988     pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1989     pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1990     pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1991     pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1992     pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1993 }
1994
1995 /******************************************************************************
1996  * BuildExplicitAccessWithNameW [ADVAPI32.@]
1997  */
1998 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess,
1999                                           LPWSTR pTrusteeName, DWORD AccessPermissions,
2000                                           ACCESS_MODE AccessMode, DWORD Inheritance )
2001 {
2002     TRACE("%p %s 0x%08lx 0x%08x 0x%08lx\n", pExplicitAccess, debugstr_w(pTrusteeName),
2003           AccessPermissions, AccessMode, Inheritance);
2004
2005     pExplicitAccess->grfAccessPermissions = AccessPermissions;
2006     pExplicitAccess->grfAccessMode = AccessMode;
2007     pExplicitAccess->grfInheritance = Inheritance;
2008
2009     pExplicitAccess->Trustee.pMultipleTrustee = NULL;
2010     pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2011     pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
2012     pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
2013     pExplicitAccess->Trustee.ptstrName = pTrusteeName;
2014 }
2015
2016 /******************************************************************************
2017  * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
2018  */
2019 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
2020                                              SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
2021                                              LPSTR InheritedObjectTypeName, LPSTR Name )
2022 {
2023     TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2024           ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
2025
2026     pTrustee->pMultipleTrustee = NULL;
2027     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2028     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2029     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2030     pTrustee->ptstrName = Name;
2031 }
2032
2033 /******************************************************************************
2034  * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
2035  */
2036 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
2037                                              SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
2038                                              LPWSTR InheritedObjectTypeName, LPWSTR Name )
2039 {
2040     TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
2041           ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
2042
2043     pTrustee->pMultipleTrustee = NULL;
2044     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2045     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
2046     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2047     pTrustee->ptstrName = Name;
2048 }
2049
2050 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid,
2051                                             GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2052 {
2053     TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2054
2055     pTrustee->pMultipleTrustee = NULL;
2056     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2057     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2058     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2059     pTrustee->ptstrName = (LPSTR) pSid;
2060 }
2061
2062 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid,
2063                                             GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid )
2064 {
2065     TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
2066
2067     pTrustee->pMultipleTrustee = NULL;
2068     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2069     pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2070     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2071     pTrustee->ptstrName = (LPWSTR) pSid;
2072 }
2073
2074 /******************************************************************************
2075  * BuildTrusteeWithSidA [ADVAPI32.@]
2076  */
2077 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
2078 {
2079     TRACE("%p %p\n", pTrustee, pSid);
2080
2081     pTrustee->pMultipleTrustee = NULL;
2082     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2083     pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2084     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2085     pTrustee->ptstrName = (LPSTR) pSid;
2086 }
2087
2088 /******************************************************************************
2089  * BuildTrusteeWithSidW [ADVAPI32.@]
2090  */
2091 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
2092 {
2093     TRACE("%p %p\n", pTrustee, pSid);
2094
2095     pTrustee->pMultipleTrustee = NULL;
2096     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2097     pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2098     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2099     pTrustee->ptstrName = (LPWSTR) pSid;
2100 }
2101
2102 /******************************************************************************
2103  * BuildTrusteeWithNameA [ADVAPI32.@]
2104  */
2105 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
2106 {
2107     TRACE("%p %s\n", pTrustee, debugstr_a(name) );
2108
2109     pTrustee->pMultipleTrustee = NULL;
2110     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2111     pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2112     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2113     pTrustee->ptstrName = name;
2114 }
2115
2116 /******************************************************************************
2117  * BuildTrusteeWithNameW [ADVAPI32.@]
2118  */
2119 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
2120 {
2121     TRACE("%p %s\n", pTrustee, debugstr_w(name) );
2122
2123     pTrustee->pMultipleTrustee = NULL;
2124     pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2125     pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2126     pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2127     pTrustee->ptstrName = name;
2128 }
2129
2130 /****************************************************************************** 
2131  * GetTrusteeFormA [ADVAPI32.@] 
2132  */ 
2133 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee) 
2134 {  
2135     TRACE("(%p)\n", pTrustee); 
2136   
2137     if (!pTrustee) 
2138         return TRUSTEE_BAD_FORM; 
2139   
2140     return pTrustee->TrusteeForm; 
2141 }  
2142   
2143 /****************************************************************************** 
2144  * GetTrusteeFormW [ADVAPI32.@] 
2145  */ 
2146 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee) 
2147 {  
2148     TRACE("(%p)\n", pTrustee); 
2149   
2150     if (!pTrustee) 
2151         return TRUSTEE_BAD_FORM; 
2152   
2153     return pTrustee->TrusteeForm; 
2154 }  
2155   
2156 /****************************************************************************** 
2157  * GetTrusteeNameA [ADVAPI32.@] 
2158  */ 
2159 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee) 
2160 {  
2161     TRACE("(%p)\n", pTrustee); 
2162   
2163     if (!pTrustee) 
2164         return NULL; 
2165   
2166     return pTrustee->ptstrName; 
2167 }  
2168   
2169 /****************************************************************************** 
2170  * GetTrusteeNameW [ADVAPI32.@] 
2171  */ 
2172 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee) 
2173 {  
2174     TRACE("(%p)\n", pTrustee); 
2175   
2176     if (!pTrustee) 
2177         return NULL; 
2178   
2179     return pTrustee->ptstrName; 
2180 }  
2181   
2182 /****************************************************************************** 
2183  * GetTrusteeTypeA [ADVAPI32.@] 
2184  */ 
2185 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee) 
2186 {  
2187     TRACE("(%p)\n", pTrustee); 
2188   
2189     if (!pTrustee) 
2190         return TRUSTEE_IS_UNKNOWN; 
2191   
2192     return pTrustee->TrusteeType; 
2193 }  
2194   
2195 /****************************************************************************** 
2196  * GetTrusteeTypeW [ADVAPI32.@] 
2197  */ 
2198 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee) 
2199 {  
2200     TRACE("(%p)\n", pTrustee); 
2201   
2202     if (!pTrustee) 
2203         return TRUSTEE_IS_UNKNOWN; 
2204   
2205     return pTrustee->TrusteeType; 
2206
2207  
2208 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation,
2209                                DWORD nAclInformationLength,
2210                                ACL_INFORMATION_CLASS dwAclInformationClass )
2211 {
2212     FIXME("%p %p 0x%08lx 0x%08x - stub\n", pAcl, pAclInformation,
2213           nAclInformationLength, dwAclInformationClass);
2214
2215     return TRUE;
2216 }
2217
2218 /******************************************************************************
2219  * SetEntriesInAclA [ADVAPI32.@]
2220  */
2221 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
2222                                PACL OldAcl, PACL* NewAcl )
2223 {
2224     FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2225     return ERROR_CALL_NOT_IMPLEMENTED;
2226 }
2227
2228 /******************************************************************************
2229  * SetEntriesInAclW [ADVAPI32.@]
2230  */
2231 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
2232                                PACL OldAcl, PACL* NewAcl )
2233 {
2234     FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
2235     return ERROR_CALL_NOT_IMPLEMENTED;
2236 }
2237
2238 /******************************************************************************
2239  * SetNamedSecurityInfoA [ADVAPI32.@]
2240  */
2241 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
2242         SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2243         PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2244 {
2245     DWORD len;
2246     LPWSTR wstr = NULL;
2247     DWORD r;
2248
2249     TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
2250            SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2251
2252     if( pObjectName )
2253     {
2254         len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2255         wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2256         MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2257     }
2258
2259     r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
2260                            psidGroup, pDacl, pSacl );
2261
2262     HeapFree( GetProcessHeap(), 0, wstr );
2263
2264     return r;
2265 }
2266
2267 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation,
2268     PSECURITY_DESCRIPTOR ModificationDescriptor,
2269     PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor,
2270     PGENERIC_MAPPING GenericMapping,
2271     HANDLE Token )
2272 {
2273     FIXME("0x%08lx %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor,
2274           ObjectsSecurityDescriptor, GenericMapping, Token);
2275
2276     return TRUE;
2277 }
2278
2279 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor,
2280   SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
2281   SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet )
2282 {
2283     FIXME("%p 0x%08x 0x%08x - stub\n", pSecurityDescriptor, ControlBitsOfInterest,
2284           ControlBitsToSet);
2285
2286     return TRUE;
2287 }
2288
2289 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2290 {
2291     return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess );
2292 }
2293
2294 /******************************************************************************
2295  * AreAnyAccessesGranted [ADVAPI32.@]
2296  *
2297  * Determines whether or not any of a set of specified access permissions have
2298  * been granted or not.
2299  *
2300  * PARAMS
2301  *   GrantedAccess [I] The permissions that have been granted.
2302  *   DesiredAccess [I] The permissions that you want to have.
2303  *
2304  * RETURNS
2305  *   Nonzero if any of the permissions have been granted, zero if none of the
2306  *   permissions have been granted.
2307  */
2308
2309 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
2310 {
2311     return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess );
2312 }
2313
2314 /******************************************************************************
2315  * SetNamedSecurityInfoW [ADVAPI32.@]
2316  */
2317 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
2318         SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2319         PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
2320 {
2321     FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
2322            SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
2323     return ERROR_SUCCESS;
2324 }
2325
2326 /******************************************************************************
2327  * GetExplicitEntriesFromAclA [ADVAPI32.@]
2328  */
2329 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
2330         PEXPLICIT_ACCESSA* pListOfExplicitEntries)
2331 {
2332     FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2333     return ERROR_CALL_NOT_IMPLEMENTED;
2334 }
2335
2336 /******************************************************************************
2337  * GetExplicitEntriesFromAclW [ADVAPI32.@]
2338  */
2339 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
2340         PEXPLICIT_ACCESSW* pListOfExplicitEntries)
2341 {
2342     FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
2343     return ERROR_CALL_NOT_IMPLEMENTED;
2344 }
2345
2346
2347 /******************************************************************************
2348  * ParseAclStringFlags
2349  */
2350 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2351 {
2352     DWORD flags = 0;
2353     LPCWSTR szAcl = *StringAcl;
2354
2355     while (*szAcl != '(')
2356     {
2357         if (*szAcl == 'P')
2358         {
2359             flags |= SE_DACL_PROTECTED;
2360         }
2361         else if (*szAcl == 'A')
2362         {
2363             szAcl++;
2364             if (*szAcl == 'R')
2365                 flags |= SE_DACL_AUTO_INHERIT_REQ;
2366             else if (*szAcl == 'I')
2367                 flags |= SE_DACL_AUTO_INHERITED;
2368         }
2369         szAcl++;
2370     }
2371
2372     *StringAcl = szAcl;
2373     return flags;
2374 }
2375
2376 /******************************************************************************
2377  * ParseAceStringType
2378  */
2379 ACEFLAG AceType[] =
2380 {
2381     { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2382     { SDDL_ALARM,          SYSTEM_ALARM_ACE_TYPE },
2383     { SDDL_AUDIT,          SYSTEM_AUDIT_ACE_TYPE },
2384     { SDDL_ACCESS_DENIED,  ACCESS_DENIED_ACE_TYPE },
2385     /*
2386     { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2387     { SDDL_OBJECT_ACCESS_DENIED,  ACCESS_DENIED_OBJECT_ACE_TYPE },
2388     { SDDL_OBJECT_ALARM,          SYSTEM_ALARM_OBJECT_ACE_TYPE },
2389     { SDDL_OBJECT_AUDIT,          SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2390     */
2391     { NULL, 0 },
2392 };
2393
2394 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2395 {
2396     UINT len = 0;
2397     LPCWSTR szAcl = *StringAcl;
2398     LPACEFLAG lpaf = AceType;
2399
2400     while (lpaf->wstr &&
2401         (len = strlenW(lpaf->wstr)) &&
2402         strncmpW(lpaf->wstr, szAcl, len))
2403         lpaf++;
2404
2405     if (!lpaf->wstr)
2406         return 0;
2407
2408     *StringAcl += len;
2409     return lpaf->value;
2410 }
2411
2412
2413 /******************************************************************************
2414  * ParseAceStringFlags
2415  */
2416 ACEFLAG AceFlags[] =
2417 {
2418     { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2419     { SDDL_AUDIT_FAILURE,     FAILED_ACCESS_ACE_FLAG },
2420     { SDDL_INHERITED,         INHERITED_ACE },
2421     { SDDL_INHERIT_ONLY,      INHERIT_ONLY_ACE },
2422     { SDDL_NO_PROPAGATE,      NO_PROPAGATE_INHERIT_ACE },
2423     { SDDL_OBJECT_INHERIT,    OBJECT_INHERIT_ACE },
2424     { SDDL_AUDIT_SUCCESS,     SUCCESSFUL_ACCESS_ACE_FLAG },
2425     { NULL, 0 },
2426 };
2427
2428 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2429 {
2430     UINT len = 0;
2431     BYTE flags = 0;
2432     LPCWSTR szAcl = *StringAcl;
2433
2434     while (*szAcl != ';')
2435     {
2436         LPACEFLAG lpaf = AceFlags;
2437
2438         while (lpaf->wstr &&
2439                (len = strlenW(lpaf->wstr)) &&
2440                strncmpW(lpaf->wstr, szAcl, len))
2441             lpaf++;
2442
2443         if (!lpaf->wstr)
2444             return 0;
2445
2446         flags |= lpaf->value;
2447         szAcl += len;
2448     }
2449
2450     *StringAcl = szAcl;
2451     return flags;
2452 }
2453
2454
2455 /******************************************************************************
2456  * ParseAceStringRights
2457  */
2458 ACEFLAG AceRights[] =
2459 {
2460     { SDDL_GENERIC_ALL,     GENERIC_ALL },
2461     { SDDL_GENERIC_READ,    GENERIC_READ },
2462     { SDDL_GENERIC_WRITE,   GENERIC_WRITE },
2463     { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2464     { SDDL_READ_CONTROL,    READ_CONTROL },
2465     { SDDL_STANDARD_DELETE, DELETE },
2466     { SDDL_WRITE_DAC,       WRITE_DAC },
2467     { SDDL_WRITE_OWNER,     WRITE_OWNER },
2468     { NULL, 0 },
2469 };
2470
2471 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2472 {
2473     UINT len = 0;
2474     DWORD rights = 0;
2475     LPCWSTR szAcl = *StringAcl;
2476
2477     if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2478     {
2479         LPCWSTR p = szAcl;
2480
2481         while (*p && *p != ';')
2482             p++;
2483
2484         if (p - szAcl <= 8)
2485         {
2486             rights = strtoulW(szAcl, NULL, 16);
2487             *StringAcl = p;
2488         }
2489         else
2490             WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2491     }
2492     else
2493     {
2494         while (*szAcl != ';')
2495         {
2496             LPACEFLAG lpaf = AceRights;
2497
2498             while (lpaf->wstr &&
2499                (len = strlenW(lpaf->wstr)) &&
2500                strncmpW(lpaf->wstr, szAcl, len))
2501             {
2502                lpaf++;
2503             }
2504
2505             if (!lpaf->wstr)
2506                 return 0;
2507
2508             rights |= lpaf->value;
2509             szAcl += len;
2510         }
2511     }
2512
2513     *StringAcl = szAcl;
2514     return rights;
2515 }
2516
2517
2518 /******************************************************************************
2519  * ParseStringAclToAcl
2520  * 
2521  * dacl_flags(string_ace1)(string_ace2)... (string_acen) 
2522  */
2523 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, 
2524     PACL pAcl, LPDWORD cBytes)
2525 {
2526     DWORD val;
2527     DWORD sidlen;
2528     DWORD length = sizeof(ACL);
2529     PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2530
2531     TRACE("%s\n", debugstr_w(StringAcl));
2532
2533     if (!StringAcl)
2534         return FALSE;
2535
2536     if (pAcl) /* pAce is only useful if we're setting values */
2537         pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
2538
2539     /* Parse ACL flags */
2540     *lpdwFlags = ParseAclStringFlags(&StringAcl);
2541
2542     /* Parse ACE */
2543     while (*StringAcl == '(')
2544     {
2545         StringAcl++;
2546
2547         /* Parse ACE type */
2548         val = ParseAceStringType(&StringAcl);
2549         if (pAce)
2550             pAce->Header.AceType = (BYTE) val;
2551         if (*StringAcl != ';')
2552             goto lerr;
2553         StringAcl++;
2554
2555         /* Parse ACE flags */
2556         val = ParseAceStringFlags(&StringAcl);
2557         if (pAce)
2558             pAce->Header.AceFlags = (BYTE) val;
2559         if (*StringAcl != ';')
2560             goto lerr;
2561         StringAcl++;
2562
2563         /* Parse ACE rights */
2564         val = ParseAceStringRights(&StringAcl);
2565         if (pAce)
2566             pAce->Mask = val;
2567         if (*StringAcl != ';')
2568             goto lerr;
2569         StringAcl++;
2570
2571         /* Parse ACE object guid */
2572         if (*StringAcl != ';')
2573         {
2574             FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2575             goto lerr;
2576         }
2577         StringAcl++;
2578
2579         /* Parse ACE inherit object guid */
2580         if (*StringAcl != ';')
2581         {
2582             FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2583             goto lerr;
2584         }
2585         StringAcl++;
2586
2587         /* Parse ACE account sid */
2588         if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
2589         {
2590             while (*StringAcl && *StringAcl != ')')
2591                 StringAcl++;
2592         }
2593
2594         if (*StringAcl != ')')
2595             goto lerr;
2596         StringAcl++;
2597
2598         length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2599     }
2600
2601     *cBytes = length;
2602     return TRUE;
2603
2604 lerr:
2605     WARN("Invalid ACE string format\n");
2606     return FALSE;
2607 }
2608
2609
2610 /******************************************************************************
2611  * ParseStringSecurityDescriptorToSecurityDescriptor
2612  */
2613 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2614     LPCWSTR StringSecurityDescriptor,
2615     SECURITY_DESCRIPTOR* SecurityDescriptor,
2616     LPDWORD cBytes)
2617 {
2618     BOOL bret = FALSE;
2619     WCHAR toktype;
2620     WCHAR tok[MAX_PATH];
2621     LPCWSTR lptoken;
2622     LPBYTE lpNext = NULL;
2623     DWORD len;
2624
2625     *cBytes = 0;
2626
2627     if (SecurityDescriptor)
2628         lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
2629
2630     while (*StringSecurityDescriptor)
2631     {
2632         toktype = *StringSecurityDescriptor;
2633
2634         /* Expect char identifier followed by ':' */
2635         StringSecurityDescriptor++;
2636         if (*StringSecurityDescriptor != ':')
2637         {
2638             SetLastError(ERROR_INVALID_PARAMETER);
2639             goto lend;
2640         }
2641         StringSecurityDescriptor++;
2642
2643         /* Extract token */
2644         lptoken = StringSecurityDescriptor;
2645         while (*lptoken && *lptoken != ':')
2646             lptoken++;
2647
2648         if (*lptoken)
2649             lptoken--;
2650
2651         len = lptoken - StringSecurityDescriptor;
2652         memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2653         tok[len] = 0;
2654
2655         switch (toktype)
2656         {
2657             case 'O':
2658             {
2659                 DWORD bytes;
2660
2661                 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2662                     goto lend;
2663
2664                 if (SecurityDescriptor)
2665                 {
2666                     SecurityDescriptor->Owner = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
2667                     lpNext += bytes; /* Advance to next token */
2668                 }
2669
2670                 *cBytes += bytes;
2671
2672                 break;
2673             }
2674
2675             case 'G':
2676             {
2677                 DWORD bytes;
2678
2679                 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2680                     goto lend;
2681
2682                 if (SecurityDescriptor)
2683                 {
2684                     SecurityDescriptor->Group = (PSID)(lpNext - (LPBYTE)SecurityDescriptor);
2685                     lpNext += bytes; /* Advance to next token */
2686                 }
2687
2688                 *cBytes += bytes;
2689
2690                 break;
2691             }
2692
2693             case 'D':
2694             {
2695                 DWORD flags;
2696                 DWORD bytes;
2697
2698                 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2699                     goto lend;
2700
2701                 if (SecurityDescriptor)
2702                 {
2703                     SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2704                     SecurityDescriptor->Dacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
2705                     lpNext += bytes; /* Advance to next token */
2706                 }
2707
2708                 *cBytes += bytes;
2709
2710                 break;
2711             }
2712
2713             case 'S':
2714             {
2715                 DWORD flags;
2716                 DWORD bytes;
2717
2718                 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2719                     goto lend;
2720
2721                 if (SecurityDescriptor)
2722                 {
2723                     SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2724                     SecurityDescriptor->Sacl = (PACL)(lpNext - (LPBYTE)SecurityDescriptor);
2725                     lpNext += bytes; /* Advance to next token */
2726                 }
2727
2728                 *cBytes += bytes;
2729
2730                 break;
2731             }
2732
2733             default:
2734                 FIXME("Unknown token\n");
2735                 SetLastError(ERROR_INVALID_PARAMETER);
2736                 goto lend;
2737         }
2738
2739         StringSecurityDescriptor = lptoken;
2740     }
2741
2742     bret = TRUE;
2743
2744 lend:
2745     return bret;
2746 }
2747
2748 /******************************************************************************
2749  * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2750  */
2751 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(
2752         LPCSTR StringSecurityDescriptor,
2753         DWORD StringSDRevision,
2754         PSECURITY_DESCRIPTOR* SecurityDescriptor,
2755         PULONG SecurityDescriptorSize)
2756 {
2757     UINT len;
2758     BOOL ret = FALSE;
2759     LPWSTR StringSecurityDescriptorW;
2760
2761     len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2762     StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2763
2764     if (StringSecurityDescriptorW)
2765     {
2766         MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2767
2768         ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
2769                                                                    StringSDRevision, SecurityDescriptor,
2770                                                                    SecurityDescriptorSize);
2771         HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2772     }
2773
2774     return ret;
2775 }
2776
2777 /******************************************************************************
2778  * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2779  */
2780 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2781         LPCWSTR StringSecurityDescriptor,
2782         DWORD StringSDRevision,
2783         PSECURITY_DESCRIPTOR* SecurityDescriptor,
2784         PULONG SecurityDescriptorSize)
2785 {
2786     DWORD cBytes;
2787     SECURITY_DESCRIPTOR* psd;
2788     BOOL bret = FALSE;
2789
2790     TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2791
2792     if (GetVersion() & 0x80000000)
2793     {
2794         SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2795         goto lend;
2796     }
2797     else if (StringSDRevision != SID_REVISION)
2798     {
2799         SetLastError(ERROR_UNKNOWN_REVISION);
2800         goto lend;
2801     }
2802
2803     /* Compute security descriptor length */
2804     if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2805         NULL, &cBytes))
2806         goto lend;
2807
2808     psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
2809         GMEM_ZEROINIT, cBytes);
2810
2811     psd->Revision = SID_REVISION;
2812     psd->Control |= SE_SELF_RELATIVE;
2813
2814     if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2815         psd, &cBytes))
2816     {
2817         LocalFree(psd);
2818         goto lend;
2819     }
2820
2821     if (SecurityDescriptorSize)
2822         *SecurityDescriptorSize = cBytes;
2823
2824     bret = TRUE;
2825  
2826 lend:
2827     TRACE(" ret=%d\n", bret);
2828     return bret;
2829 }
2830
2831 /******************************************************************************
2832  * ConvertStringSidToSidW [ADVAPI32.@]
2833  */
2834 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2835 {
2836     BOOL bret = FALSE;
2837     DWORD cBytes;
2838
2839     TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
2840     if (GetVersion() & 0x80000000)
2841         SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2842     else if (!StringSid || !Sid)
2843         SetLastError(ERROR_INVALID_PARAMETER);
2844     else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2845     {
2846         PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2847
2848         bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2849         if (!bret)
2850             LocalFree(*Sid); 
2851     }
2852     TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2853     return bret;
2854 }
2855
2856 /******************************************************************************
2857  * ConvertStringSidToSidA [ADVAPI32.@]
2858  */
2859 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
2860 {
2861     BOOL bret = FALSE;
2862
2863     TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
2864     if (GetVersion() & 0x80000000)
2865         SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2866     else if (!StringSid || !Sid)
2867         SetLastError(ERROR_INVALID_PARAMETER);
2868     else
2869     {
2870         UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
2871         LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0,
2872          len * sizeof(WCHAR));
2873
2874         MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
2875         bret = ConvertStringSidToSidW(wStringSid, Sid);
2876         HeapFree(GetProcessHeap(), 0, wStringSid);
2877     }
2878     TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2879     return bret;
2880 }
2881
2882 /******************************************************************************
2883  * ConvertSidToStringSidW [ADVAPI32.@]
2884  *
2885  *  format of SID string is:
2886  *    S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
2887  *  where
2888  *    <rev> is the revision of the SID encoded as decimal
2889  *    <auth> is the identifier authority encoded as hex
2890  *    <subauthN> is the subauthority id encoded as decimal
2891  */
2892 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
2893 {
2894     DWORD sz, i;
2895     LPWSTR str;
2896     WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2897     WCHAR subauthfmt[] = { '-','%','u',0 };
2898     SID* pisid=pSid;
2899
2900     TRACE("%p %p\n", pSid, pstr );
2901
2902     if( !IsValidSid( pSid ) )
2903         return FALSE;
2904
2905     if (pisid->Revision != SDDL_REVISION)
2906         return FALSE;
2907     if (pisid->IdentifierAuthority.Value[0] ||
2908      pisid->IdentifierAuthority.Value[1])
2909     {
2910         FIXME("not matching MS' bugs\n");
2911         return FALSE;
2912     }
2913
2914     sz = 14 + pisid->SubAuthorityCount * 11;
2915     str = LocalAlloc( 0, sz*sizeof(WCHAR) );
2916     sprintfW( str, fmt, pisid->Revision, MAKELONG(
2917      MAKEWORD( pisid->IdentifierAuthority.Value[5],
2918      pisid->IdentifierAuthority.Value[4] ),
2919      MAKEWORD( pisid->IdentifierAuthority.Value[3],
2920      pisid->IdentifierAuthority.Value[2] ) ) );
2921     for( i=0; i<pisid->SubAuthorityCount; i++ )
2922         sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
2923     *pstr = str;
2924
2925     return TRUE;
2926 }
2927
2928 /******************************************************************************
2929  * ConvertSidToStringSidA [ADVAPI32.@]
2930  */
2931 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
2932 {
2933     LPWSTR wstr = NULL;
2934     LPSTR str;
2935     UINT len;
2936
2937     TRACE("%p %p\n", pSid, pstr );
2938
2939     if( !ConvertSidToStringSidW( pSid, &wstr ) )
2940         return FALSE;
2941
2942     len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
2943     str = LocalAlloc( 0, len );
2944     WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
2945     LocalFree( wstr );
2946
2947     *pstr = str;
2948
2949     return TRUE;
2950 }
2951
2952 BOOL WINAPI CreatePrivateObjectSecurity(
2953         PSECURITY_DESCRIPTOR ParentDescriptor,
2954         PSECURITY_DESCRIPTOR CreatorDescriptor,
2955         PSECURITY_DESCRIPTOR* NewDescriptor,
2956         BOOL IsDirectoryObject,
2957         HANDLE Token,
2958         PGENERIC_MAPPING GenericMapping )
2959 {
2960     FIXME("%p %p %p %d %p %p - stub\n", ParentDescriptor, CreatorDescriptor,
2961           NewDescriptor, IsDirectoryObject, Token, GenericMapping);
2962
2963     return FALSE;
2964 }
2965
2966 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor )
2967 {
2968     FIXME("%p - stub\n", ObjectDescriptor);
2969
2970     return TRUE;
2971 }
2972
2973 BOOL WINAPI CreateProcessAsUserA(
2974         HANDLE hToken,
2975         LPCSTR lpApplicationName,
2976         LPSTR lpCommandLine,
2977         LPSECURITY_ATTRIBUTES lpProcessAttributes,
2978         LPSECURITY_ATTRIBUTES lpThreadAttributes,
2979         BOOL bInheritHandles,
2980         DWORD dwCreationFlags,
2981         LPVOID lpEnvironment,
2982         LPCSTR lpCurrentDirectory,
2983         LPSTARTUPINFOA lpStartupInfo,
2984         LPPROCESS_INFORMATION lpProcessInformation )
2985 {
2986     FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName),
2987           debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
2988           dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
2989
2990     return FALSE;
2991 }
2992
2993 BOOL WINAPI CreateProcessAsUserW(
2994         HANDLE hToken,
2995         LPCWSTR lpApplicationName,
2996         LPWSTR lpCommandLine,
2997         LPSECURITY_ATTRIBUTES lpProcessAttributes,
2998         LPSECURITY_ATTRIBUTES lpThreadAttributes,
2999         BOOL bInheritHandles,
3000         DWORD dwCreationFlags,
3001         LPVOID lpEnvironment,
3002         LPCWSTR lpCurrentDirectory,
3003         LPSTARTUPINFOW lpStartupInfo,
3004         LPPROCESS_INFORMATION lpProcessInformation )
3005 {
3006     FIXME("%p %s %s %p %p %d 0x%08lx %p %s %p %p - semi- stub\n", hToken, 
3007           debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes,
3008           lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, 
3009           debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
3010
3011     /* We should create the process with a suspended main thread */
3012     if (!CreateProcessW (lpApplicationName,
3013                          lpCommandLine,
3014                          lpProcessAttributes,
3015                          lpThreadAttributes,
3016                          bInheritHandles,
3017                          dwCreationFlags, /* CREATE_SUSPENDED */
3018                          lpEnvironment,
3019                          lpCurrentDirectory,
3020                          lpStartupInfo,
3021                          lpProcessInformation))
3022     {
3023       return FALSE;
3024     }
3025
3026     return TRUE;
3027 }
3028
3029 /******************************************************************************
3030  * ComputeStringSidSize
3031  */
3032 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3033 {
3034     int ctok = 0;
3035     DWORD size = sizeof(SID);
3036
3037     while (*StringSid)
3038     {
3039         if (*StringSid == '-')
3040             ctok++;
3041         StringSid++;
3042     }
3043
3044     if (ctok > 3)
3045         size += (ctok - 3) * sizeof(DWORD);
3046
3047     return size;
3048 }
3049
3050 BOOL WINAPI DuplicateTokenEx(
3051         HANDLE ExistingTokenHandle, DWORD dwDesiredAccess,
3052         LPSECURITY_ATTRIBUTES lpTokenAttributes,
3053         SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3054         TOKEN_TYPE TokenType,
3055         PHANDLE DuplicateTokenHandle )
3056 {
3057     OBJECT_ATTRIBUTES ObjectAttributes;
3058
3059     TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3060           ImpersonationLevel, TokenType, DuplicateTokenHandle);
3061
3062     InitializeObjectAttributes(
3063         &ObjectAttributes,
3064         NULL,
3065         (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0,
3066         NULL,
3067         lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL );
3068
3069     return set_ntstatus( NtDuplicateToken( ExistingTokenHandle,
3070                                            dwDesiredAccess,
3071                                            &ObjectAttributes,
3072                                            ImpersonationLevel,
3073                                            TokenType,
3074                                            DuplicateTokenHandle ) );
3075 }
3076
3077 BOOL WINAPI DuplicateToken(
3078         HANDLE ExistingTokenHandle,
3079         SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3080         PHANDLE DuplicateTokenHandle )
3081 {
3082     return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY,
3083                              NULL, ImpersonationLevel, TokenImpersonation,
3084                              DuplicateTokenHandle );
3085 }
3086
3087 BOOL WINAPI EnumDependentServicesA(
3088         SC_HANDLE hService,
3089         DWORD dwServiceState,
3090         LPENUM_SERVICE_STATUSA lpServices,
3091         DWORD cbBufSize,
3092         LPDWORD pcbBytesNeeded,
3093         LPDWORD lpServicesReturned )
3094 {
3095     FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3096           lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3097
3098     return FALSE;
3099 }
3100
3101 BOOL WINAPI EnumDependentServicesW(
3102         SC_HANDLE hService,
3103         DWORD dwServiceState,
3104         LPENUM_SERVICE_STATUSW lpServices,
3105         DWORD cbBufSize,
3106         LPDWORD pcbBytesNeeded,
3107         LPDWORD lpServicesReturned )
3108 {
3109     FIXME("%p 0x%08lx %p 0x%08lx %p %p - stub\n", hService, dwServiceState,
3110           lpServices, cbBufSize, pcbBytesNeeded, lpServicesReturned);
3111
3112     return FALSE;
3113 }
3114
3115 /******************************************************************************
3116  * ParseStringSidToSid
3117  */
3118 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3119 {
3120     BOOL bret = FALSE;
3121     SID* pisid=pSid;
3122
3123     TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3124     if (!StringSid)
3125     {
3126         SetLastError(ERROR_INVALID_PARAMETER);
3127         TRACE("StringSid is NULL, returning FALSE\n");
3128         return FALSE;
3129     }
3130
3131     *cBytes = ComputeStringSidSize(StringSid);
3132     if (!pisid) /* Simply compute the size */
3133     {
3134         TRACE("only size requested, returning TRUE\n");
3135         return TRUE;
3136     }
3137
3138     if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3139     {
3140         DWORD i = 0, identAuth;
3141         DWORD csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
3142
3143         StringSid += 2; /* Advance to Revision */
3144         pisid->Revision = atoiW(StringSid);
3145
3146         if (pisid->Revision != SDDL_REVISION)
3147         {
3148             TRACE("Revision %d is unknown\n", pisid->Revision);
3149             goto lend; /* ERROR_INVALID_SID */
3150         }
3151         if (csubauth == 0)
3152         {
3153             TRACE("SubAuthorityCount is 0\n");
3154             goto lend; /* ERROR_INVALID_SID */
3155         }
3156
3157         pisid->SubAuthorityCount = csubauth;
3158
3159         /* Advance to identifier authority */
3160         while (*StringSid && *StringSid != '-')
3161             StringSid++;
3162         if (*StringSid == '-')
3163             StringSid++;
3164
3165         /* MS' implementation can't handle values greater than 2^32 - 1, so
3166          * we don't either; assume most significant bytes are always 0
3167          */
3168         pisid->IdentifierAuthority.Value[0] = 0;
3169         pisid->IdentifierAuthority.Value[1] = 0;
3170         identAuth = atoiW(StringSid);
3171         pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3172         pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3173         pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3174         pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3175
3176         /* Advance to first sub authority */
3177         while (*StringSid && *StringSid != '-')
3178             StringSid++;
3179         if (*StringSid == '-')
3180             StringSid++;
3181
3182         while (*StringSid)
3183         {       
3184             while (*StringSid && *StringSid != '-')
3185                 StringSid++;
3186
3187             pisid->SubAuthority[i++] = atoiW(StringSid);
3188         }
3189
3190         if (i != pisid->SubAuthorityCount)
3191             goto lend; /* ERROR_INVALID_SID */
3192
3193         bret = TRUE;
3194     }
3195     else /* String constant format  - Only available in winxp and above */
3196     {
3197         pisid->Revision = SDDL_REVISION;
3198         pisid->SubAuthorityCount = 1;
3199
3200         FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3201
3202         /* TODO: Lookup string of well-known SIDs in table */
3203         pisid->IdentifierAuthority.Value[5] = 0;
3204         pisid->SubAuthority[0] = 0;
3205
3206         bret = TRUE;
3207     }
3208
3209 lend:
3210     if (!bret)
3211         SetLastError(ERROR_INVALID_SID);
3212
3213     TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3214     return bret;
3215 }
3216
3217 /******************************************************************************
3218  * GetNamedSecurityInfoA [ADVAPI32.@]
3219  */
3220 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
3221         SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
3222         PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
3223         PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
3224 {
3225     DWORD len;
3226     LPWSTR wstr = NULL;
3227     DWORD r;
3228
3229     TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3230         ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3231
3232     if( pObjectName )
3233     {
3234         len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3235         wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3236         MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3237     }
3238
3239     r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3240                            ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3241
3242     HeapFree( GetProcessHeap(), 0, wstr );
3243
3244     return r;
3245 }
3246
3247 /******************************************************************************
3248  * GetNamedSecurityInfoW [ADVAPI32.@]
3249  */
3250 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type,
3251     SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl,
3252     PACL* sacl, PSECURITY_DESCRIPTOR* descriptor )
3253 {
3254     DWORD needed, offset;
3255     SECURITY_DESCRIPTOR_RELATIVE *relative;
3256     BYTE *buffer;
3257
3258     TRACE( "%s %d %ld %p %p %p %p %p\n", debugstr_w(name), type, info, owner,
3259            group, dacl, sacl, descriptor );
3260
3261     if (!name || !descriptor) return ERROR_INVALID_PARAMETER;
3262
3263     needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3264     if (info & OWNER_SECURITY_INFORMATION)
3265         needed += sizeof(sidWorld);
3266     if (info & GROUP_SECURITY_INFORMATION)
3267         needed += sizeof(sidWorld);
3268     if (info & DACL_SECURITY_INFORMATION)
3269         needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3270     if (info & SACL_SECURITY_INFORMATION)
3271         needed += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3272
3273     /* must be freed by caller */
3274     *descriptor = HeapAlloc( GetProcessHeap(), 0, needed );
3275     if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY;
3276
3277     if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION ))
3278     {
3279         HeapFree( GetProcessHeap(), 0, *descriptor );
3280         return ERROR_INVALID_SECURITY_DESCR;
3281     }
3282
3283     relative = (SECURITY_DESCRIPTOR_RELATIVE *)*descriptor;
3284     relative->Control |= SE_SELF_RELATIVE;
3285     buffer = (BYTE *)relative;
3286     offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
3287
3288     if (owner && (info & OWNER_SECURITY_INFORMATION))
3289     {
3290         memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3291         relative->Owner = offset;
3292         *owner = buffer + offset;
3293         offset += sizeof(sidWorld);
3294     }
3295     if (group && (info & GROUP_SECURITY_INFORMATION))
3296     {
3297         memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) );
3298         relative->Group = offset;
3299         *group = buffer + offset;
3300         offset += sizeof(sidWorld);
3301     }
3302     if (dacl && (info & DACL_SECURITY_INFORMATION))
3303     {
3304         GetWorldAccessACL( (PACL)(buffer + offset) );
3305         relative->Dacl = offset;
3306         *dacl = (PACL)(buffer + offset);
3307         offset += WINE_SIZE_OF_WORLD_ACCESS_ACL;
3308     }
3309     if (sacl && (info & SACL_SECURITY_INFORMATION))
3310     {
3311         GetWorldAccessACL( (PACL)(buffer + offset) );
3312         relative->Sacl = offset;
3313         *sacl = (PACL)(buffer + offset);
3314     }
3315     return ERROR_SUCCESS;
3316 }
3317
3318 /******************************************************************************
3319  * DecryptFileW [ADVAPI32.@]
3320  */
3321 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved)
3322 {
3323     FIXME("%s %08lx\n", debugstr_w(lpFileName), dwReserved);
3324     return TRUE;
3325 }
3326
3327 /******************************************************************************
3328  * DecryptFileA [ADVAPI32.@]
3329  */
3330 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved)
3331 {
3332     FIXME("%s %08lx\n", debugstr_a(lpFileName), dwReserved);
3333     return TRUE;
3334 }
3335
3336 /******************************************************************************
3337  * EncryptFileW [ADVAPI32.@]
3338  */
3339 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName)
3340 {
3341     FIXME("%s\n", debugstr_w(lpFileName));
3342     return TRUE;
3343 }
3344
3345 /******************************************************************************
3346  * EncryptFileA [ADVAPI32.@]
3347  */
3348 BOOL WINAPI EncryptFileA(LPCSTR lpFileName)
3349 {
3350     FIXME("%s\n", debugstr_a(lpFileName));
3351     return TRUE;
3352 }
3353
3354 /******************************************************************************
3355  * SetSecurityInfo [ADVAPI32.@]
3356  */
3357 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, 
3358                       SECURITY_INFORMATION SecurityInfo, PSID psidOwner,
3359                       PSID psidGroup, PACL pDacl, PACL pSacl) {
3360     FIXME("stub\n");
3361     return ERROR_SUCCESS;
3362 }