2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
37 #include "wine/debug.h"
38 #include "wine/unicode.h"
40 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
42 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
43 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
44 PACL pAcl, LPDWORD cBytes);
45 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
46 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
47 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
48 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
49 LPCWSTR StringSecurityDescriptor,
50 SECURITY_DESCRIPTOR* SecurityDescriptor,
52 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
54 typedef struct _ACEFLAG
58 } ACEFLAG, *LPACEFLAG;
63 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
64 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
65 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
66 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
67 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
68 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
69 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
70 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
75 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
76 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
77 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
78 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
79 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
80 static const WCHAR SDDL_ALARM[] = {'A','L',0};
81 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
82 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
87 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
88 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
89 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
90 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
91 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
92 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
93 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
95 #define CallWin32ToNt(func) \
98 if (ret !=STATUS_SUCCESS) \
99 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
103 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa )
107 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
108 oa->Length, oa->RootDirectory,
109 oa->ObjectName?debugstr_w(oa->ObjectName->Buffer):"null",
110 oa->Attributes, oa->SecurityDescriptor, oa->SecurityQualityOfService);
114 /************************************************************
115 * ADVAPI_IsLocalComputer
117 * Checks whether the server name indicates local machine.
119 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
125 else if (!ServerName[0])
131 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
135 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
136 Result = GetComputerNameW(buf, &dwSize);
137 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
139 Result = Result && !lstrcmpW(ServerName, buf);
140 HeapFree(GetProcessHeap(), 0, buf);
146 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
147 if (!ADVAPI_IsLocalComputer(ServerName)) \
149 FIXME("Action Implemented for local computer only. " \
150 "Requested for server %s\n", debugstr_w(ServerName)); \
151 return FailureCode; \
154 /* ##############################
155 ###### TOKEN FUNCTIONS ######
156 ##############################
159 /******************************************************************************
160 * OpenProcessToken [ADVAPI32.@]
161 * Opens the access token associated with a process handle.
164 * ProcessHandle [I] Handle to process
165 * DesiredAccess [I] Desired access to process
166 * TokenHandle [O] Pointer to handle of open access token
169 * Success: TRUE. TokenHandle contains the access token.
173 * See NtOpenProcessToken.
176 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
177 HANDLE *TokenHandle )
179 CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
182 /******************************************************************************
183 * OpenThreadToken [ADVAPI32.@]
185 * Opens the access token associated with a thread handle.
188 * ThreadHandle [I] Handle to process
189 * DesiredAccess [I] Desired access to the thread
191 * TokenHandle [O] Destination for the token handle
194 * Success: TRUE. TokenHandle contains the access token.
198 * See NtOpenThreadToken.
201 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
202 BOOL OpenAsSelf, HANDLE *TokenHandle)
204 CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
207 /******************************************************************************
208 * AdjustTokenPrivileges [ADVAPI32.@]
210 * Adjust the privileges of an open token handle.
213 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
214 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
215 * NewState [I] Desired new privileges of the token
216 * BufferLength [I] Length of NewState
217 * PreviousState [O] Destination for the previous state
218 * ReturnLength [I/O] Size of PreviousState
222 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
226 * See NtAdjustPrivilegesToken.
229 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
230 LPVOID NewState, DWORD BufferLength,
231 LPVOID PreviousState, LPDWORD ReturnLength )
233 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength));
236 /******************************************************************************
237 * CheckTokenMembership [ADVAPI32.@]
239 * Determine if an access token is a member of a SID.
242 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
243 * SidToCheck [I] SID that possibly contains the token
244 * IsMember [O] Destination for result.
247 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
251 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
254 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
260 /******************************************************************************
261 * GetTokenInformation [ADVAPI32.@]
264 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
265 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
266 * tokeninfo [O] Destination for token information
267 * tokeninfolength [I] Length of tokeninfo
268 * retlen [O] Destination for returned token information length
271 * Success: TRUE. tokeninfo contains retlen bytes of token information
275 * See NtQueryInformationToken.
278 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
279 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
281 TRACE("(%p, %s, %p, %ld, %p): \n",
283 (tokeninfoclass == TokenUser) ? "TokenUser" :
284 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
285 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
286 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
287 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
288 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
289 (tokeninfoclass == TokenSource) ? "TokenSource" :
290 (tokeninfoclass == TokenType) ? "TokenType" :
291 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
292 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
293 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
294 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
295 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
296 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
297 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
299 tokeninfo, tokeninfolength, retlen);
300 CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen));
303 /******************************************************************************
304 * SetTokenInformation [ADVAPI32.@]
306 * Set information for an access token.
309 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
310 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
311 * tokeninfo [I] Token information to set
312 * tokeninfolength [I] Length of tokeninfo
315 * Success: TRUE. The information for the token is set to tokeninfo.
319 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
320 LPVOID tokeninfo, DWORD tokeninfolength )
322 TRACE("(%p, %s, %p, %ld): stub\n",
324 (tokeninfoclass == TokenUser) ? "TokenUser" :
325 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
326 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
327 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
328 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
329 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
330 (tokeninfoclass == TokenSource) ? "TokenSource" :
331 (tokeninfoclass == TokenType) ? "TokenType" :
332 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
333 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
334 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
335 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
336 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
337 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
338 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
340 tokeninfo, tokeninfolength);
342 CallWin32ToNt (NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength ));
345 /*************************************************************************
346 * SetThreadToken [ADVAPI32.@]
348 * Assigns an 'impersonation token' to a thread so it can assume the
349 * security privileges of another thread or process. Can also remove
350 * a previously assigned token.
353 * thread [O] Handle to thread to set the token for
354 * token [I] Token to set
357 * Success: TRUE. The threads access token is set to token
361 * Only supported on NT or higher. On Win9X this function does nothing.
362 * See SetTokenInformation.
364 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
366 CallWin32ToNt (NtSetInformationThread( thread ? *thread : GetCurrentThread(),
367 ThreadImpersonationToken, &token, sizeof token ));
370 /* ##############################
371 ###### SID FUNCTIONS ######
372 ##############################
375 /******************************************************************************
376 * AllocateAndInitializeSid [ADVAPI32.@]
379 * pIdentifierAuthority []
380 * nSubAuthorityCount []
392 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
393 BYTE nSubAuthorityCount,
394 DWORD nSubAuthority0, DWORD nSubAuthority1,
395 DWORD nSubAuthority2, DWORD nSubAuthority3,
396 DWORD nSubAuthority4, DWORD nSubAuthority5,
397 DWORD nSubAuthority6, DWORD nSubAuthority7,
400 CallWin32ToNt (RtlAllocateAndInitializeSid(
401 pIdentifierAuthority, nSubAuthorityCount,
402 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
403 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
407 /******************************************************************************
408 * FreeSid [ADVAPI32.@]
417 return NULL; /* is documented like this */
420 /******************************************************************************
421 * CopySid [ADVAPI32.@]
424 * nDestinationSidLength []
429 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
431 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
434 /******************************************************************************
435 * IsValidSid [ADVAPI32.@]
441 IsValidSid( PSID pSid )
443 return RtlValidSid( pSid );
446 /******************************************************************************
447 * EqualSid [ADVAPI32.@]
454 EqualSid( PSID pSid1, PSID pSid2 )
456 return RtlEqualSid( pSid1, pSid2 );
459 /******************************************************************************
460 * EqualPrefixSid [ADVAPI32.@]
462 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
464 return RtlEqualPrefixSid(pSid1, pSid2);
467 /******************************************************************************
468 * GetSidLengthRequired [ADVAPI32.@]
471 * nSubAuthorityCount []
474 GetSidLengthRequired( BYTE nSubAuthorityCount )
476 return RtlLengthRequiredSid(nSubAuthorityCount);
479 /******************************************************************************
480 * InitializeSid [ADVAPI32.@]
483 * pIdentifierAuthority []
488 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
489 BYTE nSubAuthorityCount)
491 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
494 /******************************************************************************
495 * GetSidIdentifierAuthority [ADVAPI32.@]
500 PSID_IDENTIFIER_AUTHORITY WINAPI
501 GetSidIdentifierAuthority( PSID pSid )
503 return RtlIdentifierAuthoritySid(pSid);
506 /******************************************************************************
507 * GetSidSubAuthority [ADVAPI32.@]
514 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
516 return RtlSubAuthoritySid(pSid, nSubAuthority);
519 /******************************************************************************
520 * GetSidSubAuthorityCount [ADVAPI32.@]
526 GetSidSubAuthorityCount (PSID pSid)
528 return RtlSubAuthorityCountSid(pSid);
531 /******************************************************************************
532 * GetLengthSid [ADVAPI32.@]
538 GetLengthSid (PSID pSid)
540 return RtlLengthSid(pSid);
543 /* ##############################################
544 ###### SECURITY DESCRIPTOR FUNCTIONS ######
545 ##############################################
548 /******************************************************************************
549 * InitializeSecurityDescriptor [ADVAPI32.@]
556 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision )
558 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision ));
562 /******************************************************************************
563 * MakeAbsoluteSD [ADVAPI32.@]
565 BOOL WINAPI MakeAbsoluteSD (
566 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
567 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
568 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
570 OUT LPDWORD lpdwDaclSize,
572 OUT LPDWORD lpdwSaclSize,
574 OUT LPDWORD lpdwOwnerSize,
575 OUT PSID pPrimaryGroup,
576 OUT LPDWORD lpdwPrimaryGroupSize)
578 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
579 pAbsoluteSecurityDescriptor, lpdwAbsoluteSecurityDescriptorSize,
580 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize,
581 pPrimaryGroup, lpdwPrimaryGroupSize));
585 /******************************************************************************
586 * GetSecurityDescriptorLength [ADVAPI32.@]
588 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr)
590 return (RtlLengthSecurityDescriptor(pDescr));
593 /******************************************************************************
594 * GetSecurityDescriptorOwner [ADVAPI32.@]
598 * lpbOwnerDefaulted []
601 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner,
602 LPBOOL lpbOwnerDefaulted )
604 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted ));
607 /******************************************************************************
608 * SetSecurityDescriptorOwner [ADVAPI32.@]
612 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
613 PSID pOwner, BOOL bOwnerDefaulted)
615 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
617 /******************************************************************************
618 * GetSecurityDescriptorGroup [ADVAPI32.@]
620 BOOL WINAPI GetSecurityDescriptorGroup(
621 PSECURITY_DESCRIPTOR SecurityDescriptor,
623 LPBOOL GroupDefaulted)
625 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted));
627 /******************************************************************************
628 * SetSecurityDescriptorGroup [ADVAPI32.@]
630 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
631 PSID Group, BOOL GroupDefaulted)
633 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
636 /******************************************************************************
637 * IsValidSecurityDescriptor [ADVAPI32.@]
643 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
645 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor));
648 /******************************************************************************
649 * GetSecurityDescriptorDacl [ADVAPI32.@]
651 BOOL WINAPI GetSecurityDescriptorDacl(
652 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
653 OUT LPBOOL lpbDaclPresent,
655 OUT LPBOOL lpbDaclDefaulted)
657 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent,
658 pDacl, (PBOOLEAN)lpbDaclDefaulted));
661 /******************************************************************************
662 * SetSecurityDescriptorDacl [ADVAPI32.@]
665 SetSecurityDescriptorDacl (
666 PSECURITY_DESCRIPTOR lpsd,
671 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ));
673 /******************************************************************************
674 * GetSecurityDescriptorSacl [ADVAPI32.@]
676 BOOL WINAPI GetSecurityDescriptorSacl(
677 IN PSECURITY_DESCRIPTOR lpsd,
678 OUT LPBOOL lpbSaclPresent,
680 OUT LPBOOL lpbSaclDefaulted)
682 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd,
683 (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted));
686 /**************************************************************************
687 * SetSecurityDescriptorSacl [ADVAPI32.@]
689 BOOL WINAPI SetSecurityDescriptorSacl (
690 PSECURITY_DESCRIPTOR lpsd,
695 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
697 /******************************************************************************
698 * MakeSelfRelativeSD [ADVAPI32.@]
707 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
708 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
709 IN OUT LPDWORD lpdwBufferLength)
711 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
714 /******************************************************************************
715 * GetSecurityDescriptorControl [ADVAPI32.@]
718 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
719 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
721 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
724 /* ##############################
725 ###### ACL FUNCTIONS ######
726 ##############################
729 /*************************************************************************
730 * InitializeAcl [ADVAPI32.@]
732 DWORD WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
734 CallWin32ToNt (RtlCreateAcl(acl, size, rev));
737 /******************************************************************************
738 * AddAccessAllowedAce [ADVAPI32.@]
740 BOOL WINAPI AddAccessAllowedAce(
742 IN DWORD dwAceRevision,
746 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
749 /******************************************************************************
750 * AddAccessAllowedAceEx [ADVAPI32.@]
752 BOOL WINAPI AddAccessAllowedAceEx(
754 IN DWORD dwAceRevision,
759 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
762 /******************************************************************************
763 * AddAccessDeniedAce [ADVAPI32.@]
765 BOOL WINAPI AddAccessDeniedAce(
767 IN DWORD dwAceRevision,
771 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
774 /******************************************************************************
775 * AddAccessDeniedAceEx [ADVAPI32.@]
777 BOOL WINAPI AddAccessDeniedAceEx(
779 IN DWORD dwAceRevision,
784 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
787 /******************************************************************************
788 * AddAce [ADVAPI32.@]
792 IN DWORD dwAceRevision,
793 IN DWORD dwStartingAceIndex,
795 DWORD nAceListLength)
797 CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
800 /******************************************************************************
801 * DeleteAce [ADVAPI32.@]
803 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
805 CallWin32ToNt(RtlDeleteAce(pAcl, dwAceIndex));
808 /******************************************************************************
809 * FindFirstFreeAce [ADVAPI32.@]
811 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
813 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
816 /******************************************************************************
817 * GetAce [ADVAPI32.@]
819 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
821 CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
824 /******************************************************************************
825 * GetAclInformation [ADVAPI32.@]
827 BOOL WINAPI GetAclInformation(
829 LPVOID pAclInformation,
830 DWORD nAclInformationLength,
831 ACL_INFORMATION_CLASS dwAclInformationClass)
833 CallWin32ToNt(RtlQueryInformationAcl(pAcl, pAclInformation,
834 nAclInformationLength, dwAclInformationClass));
837 /******************************************************************************
838 * IsValidAcl [ADVAPI32.@]
840 BOOL WINAPI IsValidAcl(IN PACL pAcl)
842 return RtlValidAcl(pAcl);
845 /* ##############################
846 ###### MISC FUNCTIONS ######
847 ##############################
850 /******************************************************************************
851 * AllocateLocallyUniqueId [ADVAPI32.@]
856 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid )
858 CallWin32ToNt(NtAllocateLocallyUniqueId(lpLuid));
861 static const WCHAR SE_CREATE_TOKEN_NAME_W[] =
862 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
863 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] =
864 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 };
865 static const WCHAR SE_LOCK_MEMORY_NAME_W[] =
866 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 };
867 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] =
868 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 };
869 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] =
870 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 };
871 static const WCHAR SE_TCB_NAME_W[] =
872 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 };
873 static const WCHAR SE_SECURITY_NAME_W[] =
874 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
875 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] =
876 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 };
877 static const WCHAR SE_LOAD_DRIVER_NAME_W[] =
878 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 };
879 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] =
880 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
881 static const WCHAR SE_SYSTEMTIME_NAME_W[] =
882 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 };
883 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] =
884 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 };
885 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] =
886 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 };
887 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] =
888 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 };
889 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] =
890 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 };
891 static const WCHAR SE_BACKUP_NAME_W[] =
892 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 };
893 static const WCHAR SE_RESTORE_NAME_W[] =
894 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 };
895 static const WCHAR SE_SHUTDOWN_NAME_W[] =
896 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
897 static const WCHAR SE_DEBUG_NAME_W[] =
898 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 };
899 static const WCHAR SE_AUDIT_NAME_W[] =
900 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 };
901 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] =
902 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 };
903 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] =
904 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 };
905 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] =
906 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 };
907 static const WCHAR SE_UNDOCK_NAME_W[] =
908 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 };
909 static const WCHAR SE_SYNC_AGENT_NAME_W[] =
910 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 };
911 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] =
912 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 };
913 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] =
914 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 };
915 static const WCHAR SE_IMPERSONATE_NAME_W[] =
916 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 };
917 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] =
918 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 };
920 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] =
924 SE_CREATE_TOKEN_NAME_W,
925 SE_ASSIGNPRIMARYTOKEN_NAME_W,
926 SE_LOCK_MEMORY_NAME_W,
927 SE_INCREASE_QUOTA_NAME_W,
928 SE_MACHINE_ACCOUNT_NAME_W,
931 SE_TAKE_OWNERSHIP_NAME_W,
932 SE_LOAD_DRIVER_NAME_W,
933 SE_SYSTEM_PROFILE_NAME_W,
934 SE_SYSTEMTIME_NAME_W,
935 SE_PROF_SINGLE_PROCESS_NAME_W,
936 SE_INC_BASE_PRIORITY_NAME_W,
937 SE_CREATE_PAGEFILE_NAME_W,
938 SE_CREATE_PERMANENT_NAME_W,
944 SE_SYSTEM_ENVIRONMENT_NAME_W,
945 SE_CHANGE_NOTIFY_NAME_W,
946 SE_REMOTE_SHUTDOWN_NAME_W,
948 SE_SYNC_AGENT_NAME_W,
949 SE_ENABLE_DELEGATION_NAME_W,
950 SE_MANAGE_VOLUME_NAME_W,
951 SE_IMPERSONATE_NAME_W,
952 SE_CREATE_GLOBAL_NAME_W,
955 /******************************************************************************
956 * LookupPrivilegeValueW [ADVAPI32.@]
958 * See LookupPrivilegeValueA.
961 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
965 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
967 if (!ADVAPI_IsLocalComputer(lpSystemName))
969 SetLastError(RPC_S_SERVER_UNAVAILABLE);
974 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
977 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<SE_MAX_WELL_KNOWN_PRIVILEGE; i++ )
979 if( !WellKnownPrivNames[i] )
981 if( strcmpiW( WellKnownPrivNames[i], lpName) )
984 lpLuid->HighPart = 0;
985 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
986 lpLuid->HighPart, lpLuid->LowPart );
989 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
993 /******************************************************************************
994 * LookupPrivilegeValueA [ADVAPI32.@]
996 * Retrieves LUID used on a system to represent the privilege name.
999 * lpSystemName [I] Name of the system
1000 * lpName [I] Name of the privilege
1001 * lpLuid [O] Destination for the resulting LUID
1004 * Success: TRUE. lpLuid contains the requested LUID.
1008 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
1010 UNICODE_STRING lpSystemNameW;
1011 UNICODE_STRING lpNameW;
1014 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1015 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
1016 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
1017 RtlFreeUnicodeString(&lpNameW);
1018 RtlFreeUnicodeString(&lpSystemNameW);
1023 /******************************************************************************
1024 * LookupPrivilegeNameA [ADVAPI32.@]
1026 * See LookupPrivilegeNameW
1029 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName,
1032 UNICODE_STRING lpSystemNameW;
1036 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1038 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1039 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1040 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1042 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1044 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1048 /* Windows crashes if cchName is NULL, so will I */
1049 int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1050 *cchName, NULL, NULL);
1054 /* WideCharToMultiByte failed */
1057 else if (len > *cchName)
1060 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1065 /* WideCharToMultiByte succeeded, output length needs to be
1066 * length not including NULL terminator
1071 HeapFree(GetProcessHeap(), 0, lpNameW);
1073 RtlFreeUnicodeString(&lpSystemNameW);
1077 /******************************************************************************
1078 * LookupPrivilegeNameW [ADVAPI32.@]
1080 * Retrieves the privilege name referred to by the LUID lpLuid.
1083 * lpSystemName [I] Name of the system
1084 * lpLuid [I] Privilege value
1085 * lpName [O] Name of the privilege
1086 * cchName [I/O] Number of characters in lpName.
1089 * Success: TRUE. lpName contains the name of the privilege whose value is
1094 * Only well-known privilege names (those defined in winnt.h) can be retrieved
1095 * using this function.
1096 * If the length of lpName is too small, on return *cchName will contain the
1097 * number of WCHARs needed to contain the privilege, including the NULL
1098 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER.
1099 * On success, *cchName will contain the number of characters stored in
1100 * lpName, NOT including the NULL terminator.
1103 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName,
1108 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName);
1110 if (!ADVAPI_IsLocalComputer(lpSystemName))
1112 SetLastError(RPC_S_SERVER_UNAVAILABLE);
1115 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
1116 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
1118 SetLastError(ERROR_NO_SUCH_PRIVILEGE);
1121 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]);
1122 /* Windows crashes if cchName is NULL, so will I */
1123 if (*cchName <= privNameLen)
1125 *cchName = privNameLen + 1;
1126 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1131 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]);
1132 *cchName = privNameLen;
1137 /******************************************************************************
1138 * GetFileSecurityA [ADVAPI32.@]
1140 * Obtains Specified information about the security of a file or directory.
1143 * lpFileName [I] Name of the file to get info for
1144 * RequestedInformation [I] SE_ flags from "winnt.h"
1145 * pSecurityDescriptor [O] Destination for security information
1146 * nLength [I] Length of pSecurityDescriptor
1147 * lpnLengthNeeded [O] Destination for length of returned security information
1150 * Success: TRUE. pSecurityDescriptor contains the requested information.
1151 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1154 * The information returned is constrained by the callers access rights and
1158 GetFileSecurityA( LPCSTR lpFileName,
1159 SECURITY_INFORMATION RequestedInformation,
1160 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1161 DWORD nLength, LPDWORD lpnLengthNeeded )
1169 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1170 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1171 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1174 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor,
1175 nLength, lpnLengthNeeded );
1177 HeapFree( GetProcessHeap(), 0, name );
1182 /******************************************************************************
1183 * GetFileSecurityW [ADVAPI32.@]
1185 * See GetFileSecurityA.
1188 GetFileSecurityW( LPCWSTR lpFileName,
1189 SECURITY_INFORMATION RequestedInformation,
1190 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1191 DWORD nLength, LPDWORD lpnLengthNeeded )
1193 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1198 /******************************************************************************
1199 * LookupAccountSidA [ADVAPI32.@]
1206 IN OUT LPDWORD accountSize,
1208 IN OUT LPDWORD domainSize,
1209 OUT PSID_NAME_USE name_use )
1211 static const char ac[] = "Administrator";
1212 static const char dm[] = "DOMAIN";
1213 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1214 debugstr_a(system),sid,
1215 account,accountSize,accountSize?*accountSize:0,
1216 domain,domainSize,domainSize?*domainSize:0,
1219 if (accountSize) *accountSize = strlen(ac)+1;
1220 if (account && (*accountSize > strlen(ac)))
1221 strcpy(account, ac);
1223 if (domainSize) *domainSize = strlen(dm)+1;
1224 if (domain && (*domainSize > strlen(dm)))
1227 if (name_use) *name_use = SidTypeUser;
1231 /******************************************************************************
1232 * LookupAccountSidW [ADVAPI32.@]
1248 IN OUT LPDWORD accountSize,
1250 IN OUT LPDWORD domainSize,
1251 OUT PSID_NAME_USE name_use )
1253 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1254 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1255 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1256 debugstr_w(system),sid,
1257 account,accountSize,accountSize?*accountSize:0,
1258 domain,domainSize,domainSize?*domainSize:0,
1261 if (accountSize) *accountSize = strlenW(ac)+1;
1262 if (account && (*accountSize > strlenW(ac)))
1263 strcpyW(account, ac);
1265 if (domainSize) *domainSize = strlenW(dm)+1;
1266 if (domain && (*domainSize > strlenW(dm)))
1269 if (name_use) *name_use = SidTypeUser;
1273 /******************************************************************************
1274 * SetFileSecurityA [ADVAPI32.@]
1275 * Sets the security of a file or directory
1277 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1278 SECURITY_INFORMATION RequestedInformation,
1279 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1287 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 );
1288 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) );
1289 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len );
1292 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor );
1294 HeapFree( GetProcessHeap(), 0, name );
1299 /******************************************************************************
1300 * SetFileSecurityW [ADVAPI32.@]
1301 * Sets the security of a file or directory
1305 * RequestedInformation []
1306 * pSecurityDescriptor []
1309 SetFileSecurityW( LPCWSTR lpFileName,
1310 SECURITY_INFORMATION RequestedInformation,
1311 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1313 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1317 /******************************************************************************
1318 * QueryWindows31FilesMigration [ADVAPI32.@]
1324 QueryWindows31FilesMigration( DWORD x1 )
1326 FIXME("(%ld):stub\n",x1);
1330 /******************************************************************************
1331 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1340 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1343 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1347 /******************************************************************************
1348 * LsaOpenPolicy [ADVAPI32.@]
1352 * ObjectAttributes [I]
1354 * PolicyHandle [I/O]
1358 IN PLSA_UNICODE_STRING SystemName,
1359 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
1360 IN ACCESS_MASK DesiredAccess,
1361 IN OUT PLSA_HANDLE PolicyHandle)
1363 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1364 SystemName?debugstr_w(SystemName->Buffer):"null",
1365 ObjectAttributes, DesiredAccess, PolicyHandle);
1366 ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
1367 STATUS_ACCESS_VIOLATION);
1368 dumpLsaAttributes(ObjectAttributes);
1369 if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
1370 return STATUS_SUCCESS;
1373 /******************************************************************************
1374 * LsaQueryInformationPolicy [ADVAPI32.@]
1377 LsaQueryInformationPolicy(
1378 IN LSA_HANDLE PolicyHandle,
1379 IN POLICY_INFORMATION_CLASS InformationClass,
1382 FIXME("(%p,0x%08x,%p):stub\n",
1383 PolicyHandle, InformationClass, Buffer);
1385 if(!Buffer) return FALSE;
1386 switch (InformationClass)
1388 case PolicyAuditEventsInformation: /* 2 */
1390 PPOLICY_AUDIT_EVENTS_INFO p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(POLICY_AUDIT_EVENTS_INFO));
1391 p->AuditingMode = FALSE; /* no auditing */
1395 case PolicyPrimaryDomainInformation: /* 3 */
1396 case PolicyAccountDomainInformation: /* 5 */
1399 { POLICY_PRIMARY_DOMAIN_INFO ppdi;
1402 SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
1404 struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(xdi));
1406 BOOL useDefault = TRUE;
1409 if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
1410 "System\\CurrentControlSet\\Services\\VxD\\VNETSUP", 0,
1411 KEY_READ, &key)) == ERROR_SUCCESS)
1414 static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
1416 ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
1417 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
1419 xdi->ppdi.Name.Buffer = HeapAlloc(GetProcessHeap(),
1420 HEAP_ZERO_MEMORY, size);
1421 if ((ret = RegQueryValueExW(key, wg, NULL, NULL,
1422 (LPBYTE)xdi->ppdi.Name.Buffer, &size)) == ERROR_SUCCESS)
1424 xdi->ppdi.Name.Length = (USHORT)size;
1429 HeapFree(GetProcessHeap(), 0, xdi->ppdi.Name.Buffer);
1430 xdi->ppdi.Name.Buffer = NULL;
1436 RtlCreateUnicodeStringFromAsciiz(&(xdi->ppdi.Name), "DOMAIN");
1437 TRACE("setting domain to %s\n", debugstr_w(xdi->ppdi.Name.Buffer));
1439 xdi->ppdi.Sid = &(xdi->sid);
1440 xdi->sid.Revision = SID_REVISION;
1441 xdi->sid.SubAuthorityCount = 1;
1442 xdi->sid.IdentifierAuthority = localSidAuthority;
1443 xdi->sid.SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
1447 case PolicyAuditLogInformation:
1448 case PolicyPdAccountInformation:
1449 case PolicyLsaServerRoleInformation:
1450 case PolicyReplicaSourceInformation:
1451 case PolicyDefaultQuotaInformation:
1452 case PolicyModificationInformation:
1453 case PolicyAuditFullSetInformation:
1454 case PolicyAuditFullQueryInformation:
1455 case PolicyDnsDomainInformation:
1457 FIXME("category not implemented\n");
1464 /******************************************************************************
1465 * LsaLookupSids [ADVAPI32.@]
1469 IN LSA_HANDLE PolicyHandle,
1472 OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1473 OUT PLSA_TRANSLATED_NAME *Names )
1475 FIXME("%p %lu %p %p %p\n",
1476 PolicyHandle, Count, Sids, ReferencedDomains, Names);
1480 /******************************************************************************
1481 * LsaFreeMemory [ADVAPI32.@]
1484 LsaFreeMemory(IN PVOID Buffer)
1486 TRACE("(%p)\n",Buffer);
1487 return HeapFree(GetProcessHeap(), 0, Buffer);
1489 /******************************************************************************
1490 * LsaClose [ADVAPI32.@]
1493 LsaClose(IN LSA_HANDLE ObjectHandle)
1495 FIXME("(%p):stub\n",ObjectHandle);
1499 /******************************************************************************
1500 * LsaNtStatusToWinError [ADVAPI32.@]
1506 LsaNtStatusToWinError(NTSTATUS Status)
1508 return RtlNtStatusToDosError(Status);
1511 /******************************************************************************
1512 * NotifyBootConfigStatus [ADVAPI32.@]
1518 NotifyBootConfigStatus( DWORD x1 )
1520 FIXME("(0x%08lx):stub\n",x1);
1524 /******************************************************************************
1525 * RevertToSelf [ADVAPI32.@]
1531 RevertToSelf( void )
1533 FIXME("(), stub\n");
1537 /******************************************************************************
1538 * ImpersonateSelf [ADVAPI32.@]
1541 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1543 return RtlImpersonateSelf(ImpersonationLevel);
1546 /******************************************************************************
1547 * ImpersonateLoggedOnUser [ADVAPI32.@]
1549 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1551 FIXME("(%p):stub returning FALSE\n", hToken);
1555 /******************************************************************************
1556 * AccessCheck [ADVAPI32.@]
1558 * FIXME check cast LPBOOL to PBOOLEAN
1562 PSECURITY_DESCRIPTOR SecurityDescriptor,
1564 DWORD DesiredAccess,
1565 PGENERIC_MAPPING GenericMapping,
1566 PPRIVILEGE_SET PrivilegeSet,
1567 LPDWORD PrivilegeSetLength,
1568 LPDWORD GrantedAccess,
1569 LPBOOL AccessStatus)
1571 CallWin32ToNt (NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1572 GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, (PBOOLEAN)AccessStatus));
1576 /******************************************************************************
1577 * AccessCheckByType [ADVAPI32.@]
1579 BOOL WINAPI AccessCheckByType(
1580 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1581 PSID PrincipalSelfSid,
1583 DWORD DesiredAccess,
1584 POBJECT_TYPE_LIST ObjectTypeList,
1585 DWORD ObjectTypeListLength,
1586 PGENERIC_MAPPING GenericMapping,
1587 PPRIVILEGE_SET PrivilegeSet,
1588 LPDWORD PrivilegeSetLength,
1589 LPDWORD GrantedAccess,
1590 LPBOOL AccessStatus)
1594 *AccessStatus = TRUE;
1596 return !*AccessStatus;
1600 /*************************************************************************
1601 * SetKernelObjectSecurity [ADVAPI32.@]
1603 BOOL WINAPI SetKernelObjectSecurity (
1605 IN SECURITY_INFORMATION SecurityInformation,
1606 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1608 CallWin32ToNt (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1612 /******************************************************************************
1613 * AddAuditAccessAce [ADVAPI32.@]
1615 BOOL WINAPI AddAuditAccessAce(
1617 IN DWORD dwAceRevision,
1618 IN DWORD dwAccessMask,
1620 IN BOOL bAuditSuccess,
1621 IN BOOL bAuditFailure)
1627 /******************************************************************************
1628 * LookupAccountNameA [ADVAPI32.@]
1636 LPSTR ReferencedDomainName,
1637 IN OUT LPDWORD cbReferencedDomainName,
1638 OUT PSID_NAME_USE name_use )
1640 /* Default implementation: Always return a default SID */
1641 SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
1644 static const char dm[] = "DOMAIN";
1646 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1648 ret = AllocateAndInitializeSid(&identifierAuthority,
1650 SECURITY_BUILTIN_DOMAIN_RID,
1651 DOMAIN_ALIAS_RID_ADMINS,
1657 if(!RtlValidSid(pSid))
1663 if (sid != NULL && (*cbSid >= GetLengthSid(pSid)))
1664 CopySid(*cbSid, sid, pSid);
1665 if (*cbSid < GetLengthSid(pSid))
1667 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1670 *cbSid = GetLengthSid(pSid);
1672 if (ReferencedDomainName != NULL && (*cbReferencedDomainName > strlen(dm)))
1673 strcpy(ReferencedDomainName, dm);
1674 if (*cbReferencedDomainName <= strlen(dm))
1676 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1679 *cbReferencedDomainName = strlen(dm)+1;
1686 /******************************************************************************
1687 * PrivilegeCheck [ADVAPI32.@]
1689 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1691 FIXME("stub %p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1697 /******************************************************************************
1698 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1700 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1701 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1702 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1703 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1705 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1706 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1707 SecurityDescriptor, DesiredAccess, GenericMapping,
1708 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1712 /******************************************************************************
1713 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1715 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1716 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1717 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1718 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1720 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1721 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1722 SecurityDescriptor, DesiredAccess, GenericMapping,
1723 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1728 /******************************************************************************
1729 * GetSecurityInfo [ADVAPI32.@]
1731 DWORD WINAPI GetSecurityInfo(
1732 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1733 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner,
1734 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl,
1735 PSECURITY_DESCRIPTOR *ppSecurityDescriptor
1739 return ERROR_BAD_PROVIDER;
1742 /******************************************************************************
1743 * GetSecurityInfoExW [ADVAPI32.@]
1745 DWORD WINAPI GetSecurityInfoExW(
1746 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1747 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1748 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1749 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1753 return ERROR_BAD_PROVIDER;
1756 /******************************************************************************
1757 * BuildTrusteeWithSidA [ADVAPI32.@]
1759 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
1761 TRACE("%p %p\n", pTrustee, pSid);
1763 pTrustee->pMultipleTrustee = NULL;
1764 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1765 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
1766 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1767 pTrustee->ptstrName = (LPSTR) pSid;
1770 /******************************************************************************
1771 * BuildTrusteeWithSidW [ADVAPI32.@]
1773 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
1775 TRACE("%p %p\n", pTrustee, pSid);
1777 pTrustee->pMultipleTrustee = NULL;
1778 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1779 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
1780 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1781 pTrustee->ptstrName = (LPWSTR) pSid;
1784 /******************************************************************************
1785 * BuildTrusteeWithNameA [ADVAPI32.@]
1787 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name)
1789 TRACE("%p %s\n", pTrustee, debugstr_a(name) );
1791 pTrustee->pMultipleTrustee = NULL;
1792 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1793 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
1794 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1795 pTrustee->ptstrName = name;
1798 /******************************************************************************
1799 * BuildTrusteeWithNameW [ADVAPI32.@]
1801 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name)
1803 TRACE("%p %s\n", pTrustee, debugstr_w(name) );
1805 pTrustee->pMultipleTrustee = NULL;
1806 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1807 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
1808 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1809 pTrustee->ptstrName = name;
1812 /******************************************************************************
1813 * SetEntriesInAclA [ADVAPI32.@]
1815 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
1816 PACL OldAcl, PACL* NewAcl )
1818 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1819 return ERROR_CALL_NOT_IMPLEMENTED;
1822 /******************************************************************************
1823 * SetEntriesInAclW [ADVAPI32.@]
1825 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
1826 PACL OldAcl, PACL* NewAcl )
1828 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1829 return ERROR_CALL_NOT_IMPLEMENTED;
1832 /******************************************************************************
1833 * SetNamedSecurityInfoA [ADVAPI32.@]
1835 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
1836 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1837 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1843 TRACE("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
1844 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1848 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
1849 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
1850 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
1853 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner,
1854 psidGroup, pDacl, pSacl );
1857 HeapFree( GetProcessHeap(), 0, wstr );
1862 /******************************************************************************
1863 * AreAnyAccessesGranted [ADVAPI32.@]
1865 * Determines whether or not any of a set of specified access permissions have
1866 * been granted or not.
1869 * GrantedAccess [I] The permissions that have been granted.
1870 * DesiredAccess [I] The permissions that you want to have.
1873 * Nonzero if any of the permissions have been granted, zero if none of the
1874 * permissions have been granted.
1877 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
1879 return (GrantedAccess & DesiredAccess) != 0;
1882 /******************************************************************************
1883 * SetNamedSecurityInfoW [ADVAPI32.@]
1885 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
1886 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1887 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1889 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
1890 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1891 return ERROR_CALL_NOT_IMPLEMENTED;
1894 /******************************************************************************
1895 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1897 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
1898 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
1900 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1901 return ERROR_CALL_NOT_IMPLEMENTED;
1904 /******************************************************************************
1905 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1907 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
1908 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
1910 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1911 return ERROR_CALL_NOT_IMPLEMENTED;
1915 /******************************************************************************
1916 * ParseAclStringFlags
1918 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
1921 LPCWSTR szAcl = *StringAcl;
1923 while (*szAcl != '(')
1927 flags |= SE_DACL_PROTECTED;
1929 else if (*szAcl == 'A')
1933 flags |= SE_DACL_AUTO_INHERIT_REQ;
1934 else if (*szAcl == 'I')
1935 flags |= SE_DACL_AUTO_INHERITED;
1944 /******************************************************************************
1945 * ParseAceStringType
1949 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
1950 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
1951 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
1952 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
1954 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1955 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1956 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1957 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1962 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
1965 LPCWSTR szAcl = *StringAcl;
1966 LPACEFLAG lpaf = AceType;
1968 while (lpaf->wstr &&
1969 (len = strlenW(lpaf->wstr)) &&
1970 strncmpW(lpaf->wstr, szAcl, len))
1981 /******************************************************************************
1982 * ParseAceStringFlags
1984 ACEFLAG AceFlags[] =
1986 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
1987 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
1988 { SDDL_INHERITED, INHERITED_ACE },
1989 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
1990 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
1991 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
1992 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
1996 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2000 LPCWSTR szAcl = *StringAcl;
2002 while (*szAcl != ';')
2004 LPACEFLAG lpaf = AceFlags;
2006 while (lpaf->wstr &&
2007 (len = strlenW(lpaf->wstr)) &&
2008 strncmpW(lpaf->wstr, szAcl, len))
2014 flags |= lpaf->value;
2023 /******************************************************************************
2024 * ParseAceStringRights
2026 ACEFLAG AceRights[] =
2028 { SDDL_GENERIC_ALL, GENERIC_ALL },
2029 { SDDL_GENERIC_READ, GENERIC_READ },
2030 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2031 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2032 { SDDL_READ_CONTROL, READ_CONTROL },
2033 { SDDL_STANDARD_DELETE, DELETE },
2034 { SDDL_WRITE_DAC, WRITE_DAC },
2035 { SDDL_WRITE_OWNER, WRITE_OWNER },
2039 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2043 LPCWSTR szAcl = *StringAcl;
2045 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2049 while (*p && *p != ';')
2054 rights = strtoulW(szAcl, NULL, 16);
2058 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2062 while (*szAcl != ';')
2064 LPACEFLAG lpaf = AceRights;
2066 while (lpaf->wstr &&
2067 (len = strlenW(lpaf->wstr)) &&
2068 strncmpW(lpaf->wstr, szAcl, len))
2076 rights |= lpaf->value;
2086 /******************************************************************************
2087 * ParseStringAclToAcl
2089 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2091 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2092 PACL pAcl, LPDWORD cBytes)
2096 DWORD length = sizeof(ACL);
2097 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2099 TRACE("%s\n", debugstr_w(StringAcl));
2104 if (pAcl) /* pAce is only useful if we're setting values */
2105 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
2107 /* Parse ACL flags */
2108 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2111 while (*StringAcl == '(')
2115 /* Parse ACE type */
2116 val = ParseAceStringType(&StringAcl);
2118 pAce->Header.AceType = (BYTE) val;
2119 if (*StringAcl != ';')
2123 /* Parse ACE flags */
2124 val = ParseAceStringFlags(&StringAcl);
2126 pAce->Header.AceFlags = (BYTE) val;
2127 if (*StringAcl != ';')
2131 /* Parse ACE rights */
2132 val = ParseAceStringRights(&StringAcl);
2135 if (*StringAcl != ';')
2139 /* Parse ACE object guid */
2140 if (*StringAcl != ';')
2142 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2147 /* Parse ACE inherit object guid */
2148 if (*StringAcl != ';')
2150 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2155 /* Parse ACE account sid */
2156 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
2158 while (*StringAcl && *StringAcl != ')')
2162 if (*StringAcl != ')')
2166 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2173 WARN("Invalid ACE string format\n");
2178 /******************************************************************************
2179 * ParseStringSecurityDescriptorToSecurityDescriptor
2181 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2182 LPCWSTR StringSecurityDescriptor,
2183 SECURITY_DESCRIPTOR* SecurityDescriptor,
2188 WCHAR tok[MAX_PATH];
2190 LPBYTE lpNext = NULL;
2194 if (SecurityDescriptor)
2195 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
2197 while (*StringSecurityDescriptor)
2199 toktype = *StringSecurityDescriptor;
2201 /* Expect char identifier followed by ':' */
2202 StringSecurityDescriptor++;
2203 if (*StringSecurityDescriptor != ':')
2205 SetLastError(ERROR_INVALID_PARAMETER);
2208 StringSecurityDescriptor++;
2211 lptoken = StringSecurityDescriptor;
2212 while (*lptoken && *lptoken != ':')
2218 strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
2226 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2229 if (SecurityDescriptor)
2231 SecurityDescriptor->Owner = (PSID) ((DWORD) lpNext -
2232 (DWORD) SecurityDescriptor);
2233 lpNext += bytes; /* Advance to next token */
2245 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
2248 if (SecurityDescriptor)
2250 SecurityDescriptor->Group = (PSID) ((DWORD) lpNext -
2251 (DWORD) SecurityDescriptor);
2252 lpNext += bytes; /* Advance to next token */
2265 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2268 if (SecurityDescriptor)
2270 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2271 SecurityDescriptor->Dacl = (PACL) ((DWORD) lpNext -
2272 (DWORD) SecurityDescriptor);
2273 lpNext += bytes; /* Advance to next token */
2286 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2289 if (SecurityDescriptor)
2291 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2292 SecurityDescriptor->Sacl = (PACL) ((DWORD) lpNext -
2293 (DWORD) SecurityDescriptor);
2294 lpNext += bytes; /* Advance to next token */
2303 FIXME("Unknown token\n");
2304 SetLastError(ERROR_INVALID_PARAMETER);
2308 StringSecurityDescriptor = lptoken;
2317 /******************************************************************************
2318 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2320 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2321 LPCWSTR StringSecurityDescriptor,
2322 DWORD StringSDRevision,
2323 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2324 PULONG SecurityDescriptorSize)
2327 SECURITY_DESCRIPTOR* psd;
2330 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2332 if (GetVersion() & 0x80000000)
2334 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2337 else if (StringSDRevision != SID_REVISION)
2339 SetLastError(ERROR_UNKNOWN_REVISION);
2343 /* Compute security descriptor length */
2344 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2348 psd = *SecurityDescriptor = (SECURITY_DESCRIPTOR*) LocalAlloc(
2349 GMEM_ZEROINIT, cBytes);
2351 psd->Revision = SID_REVISION;
2352 psd->Control |= SE_SELF_RELATIVE;
2354 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2361 if (SecurityDescriptorSize)
2362 *SecurityDescriptorSize = cBytes;
2367 TRACE(" ret=%d\n", bret);
2371 /******************************************************************************
2372 * ConvertStringSidToSidW [ADVAPI32.@]
2374 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2379 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
2380 if (GetVersion() & 0x80000000)
2381 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2382 else if (!StringSid || !Sid)
2383 SetLastError(ERROR_INVALID_PARAMETER);
2384 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2386 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2388 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2392 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2396 /******************************************************************************
2397 * ConvertStringSidToSidA [ADVAPI32.@]
2399 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
2403 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
2404 if (GetVersion() & 0x80000000)
2405 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2406 else if (!StringSid || !Sid)
2407 SetLastError(ERROR_INVALID_PARAMETER);
2410 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0);
2411 LPWSTR wStringSid = (LPWSTR)HeapAlloc(GetProcessHeap(), 0,
2412 len * sizeof(WCHAR));
2414 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len);
2415 bret = ConvertStringSidToSidW(wStringSid, Sid);
2416 HeapFree(GetProcessHeap(), 0, wStringSid);
2418 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2422 /******************************************************************************
2423 * ConvertSidToStringSidW [ADVAPI32.@]
2425 * format of SID string is:
2426 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>...
2428 * <rev> is the revision of the SID encoded as decimal
2429 * <auth> is the identifier authority encoded as hex
2430 * <subauthN> is the subauthority id encoded as decimal
2432 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr )
2436 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2437 WCHAR subauthfmt[] = { '-','%','u',0 };
2440 TRACE("%p %p\n", pSid, pstr );
2442 if( !IsValidSid( pSid ) )
2445 if (pisid->Revision != SDDL_REVISION)
2447 if (pisid->IdentifierAuthority.Value[0] ||
2448 pisid->IdentifierAuthority.Value[1])
2450 FIXME("not matching MS' bugs\n");
2454 sz = 14 + pisid->SubAuthorityCount * 11;
2455 str = LocalAlloc( 0, sz*sizeof(WCHAR) );
2456 sprintfW( str, fmt, pisid->Revision, MAKELONG(
2457 MAKEWORD( pisid->IdentifierAuthority.Value[5],
2458 pisid->IdentifierAuthority.Value[4] ),
2459 MAKEWORD( pisid->IdentifierAuthority.Value[3],
2460 pisid->IdentifierAuthority.Value[2] ) ) );
2461 for( i=0; i<pisid->SubAuthorityCount; i++ )
2462 sprintfW( str + strlenW(str), subauthfmt, pisid->SubAuthority[i] );
2468 /******************************************************************************
2469 * ConvertSidToStringSidA [ADVAPI32.@]
2471 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr)
2477 TRACE("%p %p\n", pSid, pstr );
2479 if( !ConvertSidToStringSidW( pSid, &wstr ) )
2482 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL );
2483 str = LocalAlloc( 0, len );
2484 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL );
2492 /******************************************************************************
2493 * ComputeStringSidSize
2495 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
2498 DWORD size = sizeof(SID);
2502 if (*StringSid == '-')
2508 size += (ctok - 3) * sizeof(DWORD);
2513 /******************************************************************************
2514 * ParseStringSidToSid
2516 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
2521 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
2524 SetLastError(ERROR_INVALID_PARAMETER);
2525 TRACE("StringSid is NULL, returning FALSE\n");
2529 *cBytes = ComputeStringSidSize(StringSid);
2530 if (!pisid) /* Simply compute the size */
2532 TRACE("only size requested, returning TRUE\n");
2536 if (*StringSid != 'S' || *StringSid != '-') /* S-R-I-S-S */
2538 DWORD i = 0, identAuth;
2539 DWORD csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
2541 StringSid += 2; /* Advance to Revision */
2542 pisid->Revision = atoiW(StringSid);
2544 if (pisid->Revision != SDDL_REVISION)
2546 TRACE("Revision %d is unknown\n", pisid->Revision);
2547 goto lend; /* ERROR_INVALID_SID */
2551 TRACE("SubAuthorityCount is 0\n");
2552 goto lend; /* ERROR_INVALID_SID */
2555 pisid->SubAuthorityCount = csubauth;
2557 /* Advance to identifier authority */
2558 while (*StringSid && *StringSid != '-')
2560 if (*StringSid == '-')
2563 /* MS' implementation can't handle values greater than 2^32 - 1, so
2564 * we don't either; assume most significant bytes are always 0
2566 pisid->IdentifierAuthority.Value[0] = 0;
2567 pisid->IdentifierAuthority.Value[1] = 0;
2568 identAuth = atoiW(StringSid);
2569 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
2570 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
2571 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
2572 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
2574 /* Advance to first sub authority */
2575 while (*StringSid && *StringSid != '-')
2577 if (*StringSid == '-')
2582 while (*StringSid && *StringSid != '-')
2585 pisid->SubAuthority[i++] = atoiW(StringSid);
2588 if (i != pisid->SubAuthorityCount)
2589 goto lend; /* ERROR_INVALID_SID */
2593 else /* String constant format - Only available in winxp and above */
2595 pisid->Revision = SDDL_REVISION;
2596 pisid->SubAuthorityCount = 1;
2598 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
2600 /* TODO: Lookup string of well-known SIDs in table */
2601 pisid->IdentifierAuthority.Value[5] = 0;
2602 pisid->SubAuthority[0] = 0;
2609 SetLastError(ERROR_INVALID_SID);
2611 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
2615 /******************************************************************************
2616 * GetNamedSecurityInfoA [ADVAPI32.@]
2618 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
2619 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2620 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2621 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2627 TRACE("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
2628 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2632 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
2633 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
2634 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
2637 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
2638 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
2641 HeapFree( GetProcessHeap(), 0, wstr );
2646 /******************************************************************************
2647 * GetNamedSecurityInfoW [ADVAPI32.@]
2649 DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName,
2650 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2651 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2652 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2654 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, SecurityInfo,
2655 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2656 return ERROR_CALL_NOT_IMPLEMENTED;
projects / wine / blob