2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError()
36 #include "wine/debug.h"
37 #include "wine/unicode.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
41 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
42 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
43 PACL pAcl, LPDWORD cBytes);
44 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
45 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
46 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
47 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
48 LPCWSTR StringSecurityDescriptor,
49 PSECURITY_DESCRIPTOR SecurityDescriptor,
51 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
53 typedef struct _ACEFLAG
57 } ACEFLAG, *LPACEFLAG;
62 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
63 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
64 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
65 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
66 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
67 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
68 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
69 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
74 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
75 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
76 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
77 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
78 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
79 static const WCHAR SDDL_ALARM[] = {'A','L',0};
80 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
81 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
86 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
87 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
88 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
89 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
90 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
91 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
92 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
94 #define CallWin32ToNt(func) \
97 if (ret !=STATUS_SUCCESS) \
98 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
102 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa )
106 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
107 oa->Length, oa->RootDirectory,
108 oa->ObjectName?debugstr_w(oa->ObjectName->Buffer):"null",
109 oa->Attributes, oa->SecurityDescriptor, oa->SecurityQualityOfService);
113 /************************************************************
114 * ADVAPI_IsLocalComputer
116 * Checks whether the server name indicates local machine.
118 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
126 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
130 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
131 Result = GetComputerNameW(buf, &dwSize);
132 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
134 Result = Result && !lstrcmpW(ServerName, buf);
135 HeapFree(GetProcessHeap(), 0, buf);
141 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
142 if (!ADVAPI_IsLocalComputer(ServerName)) \
144 FIXME("Action Implemented for local computer only. " \
145 "Requested for server %s\n", debugstr_w(ServerName)); \
146 return FailureCode; \
149 /* ##############################
150 ###### TOKEN FUNCTIONS ######
151 ##############################
154 /******************************************************************************
155 * OpenProcessToken [ADVAPI32.@]
156 * Opens the access token associated with a process handle.
159 * ProcessHandle [I] Handle to process
160 * DesiredAccess [I] Desired access to process
161 * TokenHandle [O] Pointer to handle of open access token
164 * Success: TRUE. TokenHandle contains the access token.
168 * See NtOpenProcessToken.
171 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
172 HANDLE *TokenHandle )
174 CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
177 /******************************************************************************
178 * OpenThreadToken [ADVAPI32.@]
180 * Opens the access token associated with a thread handle.
183 * ThreadHandle [I] Handle to process
184 * DesiredAccess [I] Desired access to the thread
186 * TokenHandle [O] Destination for the token handle
189 * Success: TRUE. TokenHandle contains the access token.
193 * See NtOpenThreadToken.
196 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
197 BOOL OpenAsSelf, HANDLE *TokenHandle)
199 CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
202 /******************************************************************************
203 * AdjustTokenPrivileges [ADVAPI32.@]
205 * Adjust the privileges of an open token handle.
208 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
209 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
210 * NewState [I] Desired new privileges of the token
211 * BufferLength [I] Length of NewState
212 * PreviousState [O] Destination for the previous state
213 * ReturnLength [I/O] Size of PreviousState
217 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
221 * See NtAdjustPrivilegesToken.
224 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
225 LPVOID NewState, DWORD BufferLength,
226 LPVOID PreviousState, LPDWORD ReturnLength )
228 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength));
231 /******************************************************************************
232 * CheckTokenMembership [ADVAPI32.@]
234 * Determine if an access token is a member of a SID.
237 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
238 * SidToCheck [I] SID that possibly contains the token
239 * IsMember [O] Destination for result.
242 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
246 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
249 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
255 /******************************************************************************
256 * GetTokenInformation [ADVAPI32.@]
259 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
260 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
261 * tokeninfo [O] Destination for token information
262 * tokeninfolength [I] Length of tokeninfo
263 * retlen [O] Destination for returned token information length
266 * Success: TRUE. tokeninfo contains retlen bytes of token information
270 * See NtQueryInformationToken.
273 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
274 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
276 TRACE("(%p, %s, %p, %ld, %p): \n",
278 (tokeninfoclass == TokenUser) ? "TokenUser" :
279 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
280 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
281 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
282 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
283 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
284 (tokeninfoclass == TokenSource) ? "TokenSource" :
285 (tokeninfoclass == TokenType) ? "TokenType" :
286 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
287 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
288 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
289 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
290 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
291 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
292 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
294 tokeninfo, tokeninfolength, retlen);
295 CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen));
298 /******************************************************************************
299 * SetTokenInformation [ADVAPI32.@]
301 * Set information for an access token.
304 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
305 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
306 * tokeninfo [I] Token information to set
307 * tokeninfolength [I] Length of tokeninfo
310 * Success: TRUE. The information for the token is set to tokeninfo.
314 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
315 LPVOID tokeninfo, DWORD tokeninfolength )
317 FIXME("(%p, %s, %p, %ld): stub\n",
319 (tokeninfoclass == TokenUser) ? "TokenUser" :
320 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
321 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
322 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
323 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
324 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
325 (tokeninfoclass == TokenSource) ? "TokenSource" :
326 (tokeninfoclass == TokenType) ? "TokenType" :
327 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
328 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
329 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
330 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
331 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
332 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
333 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
335 tokeninfo, tokeninfolength);
337 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
342 /*************************************************************************
343 * SetThreadToken [ADVAPI32.@]
345 * Assigns an 'impersonation token' to a thread so it can assume the
346 * security privileges of another thread or process. Can also remove
347 * a previously assigned token.
350 * thread [O] Handle to thread to set the token for
351 * token [I] Token to set
354 * Success: TRUE. The threads access token is set to token
358 * Only supported on NT or higher. On Win9X this function does nothing.
359 * See SetTokenInformation.
361 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
363 FIXME("(%p, %p): stub (NT impl. only)\n", thread, token);
365 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
370 /* ##############################
371 ###### SID FUNCTIONS ######
372 ##############################
375 /******************************************************************************
376 * AllocateAndInitializeSid [ADVAPI32.@]
379 * pIdentifierAuthority []
380 * nSubAuthorityCount []
392 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
393 BYTE nSubAuthorityCount,
394 DWORD nSubAuthority0, DWORD nSubAuthority1,
395 DWORD nSubAuthority2, DWORD nSubAuthority3,
396 DWORD nSubAuthority4, DWORD nSubAuthority5,
397 DWORD nSubAuthority6, DWORD nSubAuthority7,
400 CallWin32ToNt (RtlAllocateAndInitializeSid(
401 pIdentifierAuthority, nSubAuthorityCount,
402 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
403 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
407 /******************************************************************************
408 * FreeSid [ADVAPI32.@]
417 return NULL; /* is documented like this */
420 /******************************************************************************
421 * CopySid [ADVAPI32.@]
424 * nDestinationSidLength []
429 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
431 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
434 /******************************************************************************
435 * IsValidSid [ADVAPI32.@]
441 IsValidSid( PSID pSid )
443 return RtlValidSid( pSid );
446 /******************************************************************************
447 * EqualSid [ADVAPI32.@]
454 EqualSid( PSID pSid1, PSID pSid2 )
456 return RtlEqualSid( pSid1, pSid2 );
459 /******************************************************************************
460 * EqualPrefixSid [ADVAPI32.@]
462 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
464 return RtlEqualPrefixSid(pSid1, pSid2);
467 /******************************************************************************
468 * GetSidLengthRequired [ADVAPI32.@]
471 * nSubAuthorityCount []
474 GetSidLengthRequired( BYTE nSubAuthorityCount )
476 return RtlLengthRequiredSid(nSubAuthorityCount);
479 /******************************************************************************
480 * InitializeSid [ADVAPI32.@]
483 * pIdentifierAuthority []
488 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
489 BYTE nSubAuthorityCount)
491 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
494 /******************************************************************************
495 * GetSidIdentifierAuthority [ADVAPI32.@]
500 PSID_IDENTIFIER_AUTHORITY WINAPI
501 GetSidIdentifierAuthority( PSID pSid )
503 return RtlIdentifierAuthoritySid(pSid);
506 /******************************************************************************
507 * GetSidSubAuthority [ADVAPI32.@]
514 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
516 return RtlSubAuthoritySid(pSid, nSubAuthority);
519 /******************************************************************************
520 * GetSidSubAuthorityCount [ADVAPI32.@]
526 GetSidSubAuthorityCount (PSID pSid)
528 return RtlSubAuthorityCountSid(pSid);
531 /******************************************************************************
532 * GetLengthSid [ADVAPI32.@]
538 GetLengthSid (PSID pSid)
540 return RtlLengthSid(pSid);
543 /* ##############################################
544 ###### SECURITY DESCRIPTOR FUNCTIONS ######
545 ##############################################
548 /******************************************************************************
549 * InitializeSecurityDescriptor [ADVAPI32.@]
556 InitializeSecurityDescriptor( SECURITY_DESCRIPTOR *pDescr, DWORD revision )
558 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision ));
562 /******************************************************************************
563 * MakeAbsoluteSD [ADVAPI32.@]
565 BOOL WINAPI MakeAbsoluteSD (
566 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
567 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
568 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
570 OUT LPDWORD lpdwDaclSize,
572 OUT LPDWORD lpdwSaclSize,
574 OUT LPDWORD lpdwOwnerSize,
575 OUT PSID pPrimaryGroup,
576 OUT LPDWORD lpdwPrimaryGroupSize)
578 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
579 pAbsoluteSecurityDescriptor, lpdwAbsoluteSecurityDescriptorSize,
580 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize,
581 pPrimaryGroup, lpdwPrimaryGroupSize));
585 /******************************************************************************
586 * GetSecurityDescriptorLength [ADVAPI32.@]
588 DWORD WINAPI GetSecurityDescriptorLength( SECURITY_DESCRIPTOR *pDescr)
590 return (RtlLengthSecurityDescriptor(pDescr));
593 /******************************************************************************
594 * GetSecurityDescriptorOwner [ADVAPI32.@]
598 * lpbOwnerDefaulted []
601 GetSecurityDescriptorOwner( SECURITY_DESCRIPTOR *pDescr, PSID *pOwner,
602 LPBOOL lpbOwnerDefaulted )
604 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted ));
607 /******************************************************************************
608 * SetSecurityDescriptorOwner [ADVAPI32.@]
612 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
613 PSID pOwner, BOOL bOwnerDefaulted)
615 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
617 /******************************************************************************
618 * GetSecurityDescriptorGroup [ADVAPI32.@]
620 BOOL WINAPI GetSecurityDescriptorGroup(
621 PSECURITY_DESCRIPTOR SecurityDescriptor,
623 LPBOOL GroupDefaulted)
625 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted));
627 /******************************************************************************
628 * SetSecurityDescriptorGroup [ADVAPI32.@]
630 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
631 PSID Group, BOOL GroupDefaulted)
633 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
636 /******************************************************************************
637 * IsValidSecurityDescriptor [ADVAPI32.@]
643 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
645 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor));
648 /******************************************************************************
649 * GetSecurityDescriptorDacl [ADVAPI32.@]
651 BOOL WINAPI GetSecurityDescriptorDacl(
652 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
653 OUT LPBOOL lpbDaclPresent,
655 OUT LPBOOL lpbDaclDefaulted)
657 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent,
658 pDacl, (PBOOLEAN)lpbDaclDefaulted));
661 /******************************************************************************
662 * SetSecurityDescriptorDacl [ADVAPI32.@]
665 SetSecurityDescriptorDacl (
666 PSECURITY_DESCRIPTOR lpsd,
671 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ));
673 /******************************************************************************
674 * GetSecurityDescriptorSacl [ADVAPI32.@]
676 BOOL WINAPI GetSecurityDescriptorSacl(
677 IN PSECURITY_DESCRIPTOR lpsd,
678 OUT LPBOOL lpbSaclPresent,
680 OUT LPBOOL lpbSaclDefaulted)
682 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd,
683 (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted));
686 /**************************************************************************
687 * SetSecurityDescriptorSacl [ADVAPI32.@]
689 BOOL WINAPI SetSecurityDescriptorSacl (
690 PSECURITY_DESCRIPTOR lpsd,
695 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
697 /******************************************************************************
698 * MakeSelfRelativeSD [ADVAPI32.@]
707 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
708 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
709 IN OUT LPDWORD lpdwBufferLength)
711 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
714 /******************************************************************************
715 * GetSecurityDescriptorControl [ADVAPI32.@]
718 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
719 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
721 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
724 /* ##############################
725 ###### ACL FUNCTIONS ######
726 ##############################
729 /*************************************************************************
730 * InitializeAcl [ADVAPI32.@]
732 DWORD WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
734 CallWin32ToNt (RtlCreateAcl(acl, size, rev));
737 /******************************************************************************
738 * AddAccessAllowedAce [ADVAPI32.@]
740 BOOL WINAPI AddAccessAllowedAce(
742 IN DWORD dwAceRevision,
746 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
749 /******************************************************************************
750 * AddAccessAllowedAceEx [ADVAPI32.@]
752 BOOL WINAPI AddAccessAllowedAceEx(
754 IN DWORD dwAceRevision,
759 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
762 /******************************************************************************
763 * AddAccessDeniedAce [ADVAPI32.@]
765 BOOL WINAPI AddAccessDeniedAce(
767 IN DWORD dwAceRevision,
771 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
774 /******************************************************************************
775 * AddAccessDeniedAceEx [ADVAPI32.@]
777 BOOL WINAPI AddAccessDeniedAceEx(
779 IN DWORD dwAceRevision,
784 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
787 /******************************************************************************
788 * AddAce [ADVAPI32.@]
792 IN DWORD dwAceRevision,
793 IN DWORD dwStartingAceIndex,
795 DWORD nAceListLength)
797 CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
800 /******************************************************************************
801 * DeleteAce [ADVAPI32.@]
803 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
805 CallWin32ToNt(RtlDeleteAce(pAcl, dwAceIndex));
808 /******************************************************************************
809 * FindFirstFreeAce [ADVAPI32.@]
811 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
813 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
816 /******************************************************************************
817 * GetAce [ADVAPI32.@]
819 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
821 CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
824 /******************************************************************************
825 * GetAclInformation [ADVAPI32.@]
827 BOOL WINAPI GetAclInformation(
829 LPVOID pAclInformation,
830 DWORD nAclInformationLength,
831 ACL_INFORMATION_CLASS dwAclInformationClass)
833 CallWin32ToNt(RtlQueryInformationAcl(pAcl, pAclInformation,
834 nAclInformationLength, dwAclInformationClass));
837 /******************************************************************************
838 * IsValidAcl [ADVAPI32.@]
840 BOOL WINAPI IsValidAcl(IN PACL pAcl)
842 return RtlValidAcl(pAcl);
845 /* ##############################
846 ###### MISC FUNCTIONS ######
847 ##############################
850 static const char * const DefaultPrivNames[] =
853 "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
854 "SeLockMemoryPrivilege", "SeIncreaseQuotaPrivilege",
855 "SeUnsolicitedInputPrivilege", "SeMachineAccountPrivilege",
856 "SeTcbPrivilege", "SeSecurityPrivilege",
857 "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege",
858 "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
859 "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege",
860 "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege",
861 "SeBackupPrivilege", "SeRestorePrivilege",
862 "SeShutdownPrivilege", "SeDebugPrivilege",
863 "SeAuditPrivilege", "SeSystemEnvironmentPrivilege",
864 "SeChangeNotifyPrivilege", "SeRemoteShutdownPrivilege",
865 "SeUndockPrivilege", "SeSyncAgentPrivilege",
866 "SeEnableDelegationPrivilege", "SeManageVolumePrivilege",
867 "SeImpersonatePrivilege", "SeCreateGlobalPrivilege",
869 #define NUMPRIVS (sizeof DefaultPrivNames/sizeof DefaultPrivNames[0])
871 /******************************************************************************
872 * LookupPrivilegeValueW [ADVAPI32.@]
874 * See LookupPrivilegeValueA.
877 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
882 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
884 for( i=0; i<NUMPRIVS; i++ )
886 if( !DefaultPrivNames[i] )
888 MultiByteToWideChar( CP_ACP, 0, DefaultPrivNames[i], -1,
890 if( strcmpW( priv, lpName) )
893 lpLuid->HighPart = 0;
894 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
895 lpLuid->HighPart, lpLuid->LowPart );
901 /******************************************************************************
902 * LookupPrivilegeValueA [ADVAPI32.@]
904 * Retrieves LUID used on a system to represent the privilege name.
907 * lpSystemName [I] Name of the system
908 * lpName [I] Name of the privilege
909 * lpLuid [O] Destination for the resulting LUID
912 * Success: TRUE. lpLuid contains the requested LUID.
916 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
918 UNICODE_STRING lpSystemNameW;
919 UNICODE_STRING lpNameW;
922 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
923 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
924 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
925 RtlFreeUnicodeString(&lpNameW);
926 RtlFreeUnicodeString(&lpSystemNameW);
931 /******************************************************************************
932 * LookupPrivilegeNameA [ADVAPI32.@]
935 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
937 FIXME("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
941 /******************************************************************************
942 * LookupPrivilegeNameW [ADVAPI32.@]
945 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
947 FIXME("%s %p %p %p\n", debugstr_w(lpSystemName), lpLuid, lpName, cchName);
951 /******************************************************************************
952 * GetFileSecurityA [ADVAPI32.@]
954 * Obtains Specified information about the security of a file or directory.
957 * lpFileName [I] Name of the file to get info for
958 * RequestedInformation [I] SE_ flags from "winnt.h"
959 * pSecurityDescriptor [O] Destination for security information
960 * nLength [I] Length of pSecurityDescriptor
961 * lpnLengthNeeded [O] Destination for length of returned security information
964 * Success: TRUE. pSecurityDescriptor contains the requested information.
965 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
968 * The information returned is constrained by the callers access rights and
972 GetFileSecurityA( LPCSTR lpFileName,
973 SECURITY_INFORMATION RequestedInformation,
974 PSECURITY_DESCRIPTOR pSecurityDescriptor,
975 DWORD nLength, LPDWORD lpnLengthNeeded )
977 FIXME("(%s) : stub\n", debugstr_a(lpFileName));
981 /******************************************************************************
982 * GetFileSecurityW [ADVAPI32.@]
984 * See GetFileSecurityA.
987 GetFileSecurityW( LPCWSTR lpFileName,
988 SECURITY_INFORMATION RequestedInformation,
989 PSECURITY_DESCRIPTOR pSecurityDescriptor,
990 DWORD nLength, LPDWORD lpnLengthNeeded )
992 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
997 /******************************************************************************
998 * LookupAccountSidA [ADVAPI32.@]
1005 IN OUT LPDWORD accountSize,
1007 IN OUT LPDWORD domainSize,
1008 OUT PSID_NAME_USE name_use )
1010 static const char ac[] = "Administrator";
1011 static const char dm[] = "DOMAIN";
1012 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1013 debugstr_a(system),sid,
1014 account,accountSize,accountSize?*accountSize:0,
1015 domain,domainSize,domainSize?*domainSize:0,
1018 if (accountSize) *accountSize = strlen(ac)+1;
1019 if (account && (*accountSize > strlen(ac)))
1020 strcpy(account, ac);
1022 if (domainSize) *domainSize = strlen(dm)+1;
1023 if (domain && (*domainSize > strlen(dm)))
1026 if (name_use) *name_use = SidTypeUser;
1030 /******************************************************************************
1031 * LookupAccountSidW [ADVAPI32.@]
1047 IN OUT LPDWORD accountSize,
1049 IN OUT LPDWORD domainSize,
1050 OUT PSID_NAME_USE name_use )
1052 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1053 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1054 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1055 debugstr_w(system),sid,
1056 account,accountSize,accountSize?*accountSize:0,
1057 domain,domainSize,domainSize?*domainSize:0,
1060 if (accountSize) *accountSize = strlenW(ac)+1;
1061 if (account && (*accountSize > strlenW(ac)))
1062 strcpyW(account, ac);
1064 if (domainSize) *domainSize = strlenW(dm)+1;
1065 if (domain && (*domainSize > strlenW(dm)))
1068 if (name_use) *name_use = SidTypeUser;
1072 /******************************************************************************
1073 * SetFileSecurityA [ADVAPI32.@]
1074 * Sets the security of a file or directory
1076 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1077 SECURITY_INFORMATION RequestedInformation,
1078 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1080 FIXME("(%s) : stub\n", debugstr_a(lpFileName));
1084 /******************************************************************************
1085 * SetFileSecurityW [ADVAPI32.@]
1086 * Sets the security of a file or directory
1090 * RequestedInformation []
1091 * pSecurityDescriptor []
1094 SetFileSecurityW( LPCWSTR lpFileName,
1095 SECURITY_INFORMATION RequestedInformation,
1096 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1098 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1102 /******************************************************************************
1103 * QueryWindows31FilesMigration [ADVAPI32.@]
1109 QueryWindows31FilesMigration( DWORD x1 )
1111 FIXME("(%ld):stub\n",x1);
1115 /******************************************************************************
1116 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1125 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1128 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1132 /******************************************************************************
1133 * LsaOpenPolicy [ADVAPI32.@]
1143 IN PLSA_UNICODE_STRING SystemName,
1144 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
1145 IN ACCESS_MASK DesiredAccess,
1146 IN OUT PLSA_HANDLE PolicyHandle)
1148 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1149 SystemName?debugstr_w(SystemName->Buffer):"null",
1150 ObjectAttributes, DesiredAccess, PolicyHandle);
1151 ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
1152 STATUS_ACCESS_VIOLATION);
1153 dumpLsaAttributes(ObjectAttributes);
1154 if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
1155 return STATUS_SUCCESS;
1158 /******************************************************************************
1159 * LsaQueryInformationPolicy [ADVAPI32.@]
1162 LsaQueryInformationPolicy(
1163 IN LSA_HANDLE PolicyHandle,
1164 IN POLICY_INFORMATION_CLASS InformationClass,
1167 FIXME("(%p,0x%08x,%p):stub\n",
1168 PolicyHandle, InformationClass, Buffer);
1170 if(!Buffer) return FALSE;
1171 switch (InformationClass)
1173 case PolicyAuditEventsInformation: /* 2 */
1175 PPOLICY_AUDIT_EVENTS_INFO p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(POLICY_AUDIT_EVENTS_INFO));
1176 p->AuditingMode = FALSE; /* no auditing */
1180 case PolicyPrimaryDomainInformation: /* 3 */
1181 case PolicyAccountDomainInformation: /* 5 */
1184 { POLICY_PRIMARY_DOMAIN_INFO ppdi;
1187 SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
1189 struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(xdi));
1191 BOOL useDefault = TRUE;
1194 if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
1195 "System\\CurrentControlSet\\Services\\VxD\\VNETSUP", 0,
1196 KEY_READ, &key)) == ERROR_SUCCESS)
1199 static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
1201 ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
1202 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
1204 xdi->ppdi.Name.Buffer = HeapAlloc(GetProcessHeap(),
1205 HEAP_ZERO_MEMORY, size);
1206 if ((ret = RegQueryValueExW(key, wg, NULL, NULL,
1207 (LPBYTE)xdi->ppdi.Name.Buffer, &size)) == ERROR_SUCCESS)
1209 xdi->ppdi.Name.Length = (USHORT)size;
1214 HeapFree(GetProcessHeap(), 0, xdi->ppdi.Name.Buffer);
1215 xdi->ppdi.Name.Buffer = NULL;
1221 RtlCreateUnicodeStringFromAsciiz(&(xdi->ppdi.Name), "DOMAIN");
1222 TRACE("setting domain to %s\n", debugstr_w(xdi->ppdi.Name.Buffer));
1224 xdi->ppdi.Sid = &(xdi->sid);
1225 xdi->sid.Revision = SID_REVISION;
1226 xdi->sid.SubAuthorityCount = 1;
1227 xdi->sid.IdentifierAuthority = localSidAuthority;
1228 xdi->sid.SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
1232 case PolicyAuditLogInformation:
1233 case PolicyPdAccountInformation:
1234 case PolicyLsaServerRoleInformation:
1235 case PolicyReplicaSourceInformation:
1236 case PolicyDefaultQuotaInformation:
1237 case PolicyModificationInformation:
1238 case PolicyAuditFullSetInformation:
1239 case PolicyAuditFullQueryInformation:
1240 case PolicyDnsDomainInformation:
1242 FIXME("category not implemented\n");
1249 /******************************************************************************
1250 * LsaLookupSids [ADVAPI32.@]
1255 LSA_UNICODE_STRING Name;
1257 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
1261 LSA_UNICODE_STRING Name;
1263 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
1268 PLSA_TRUST_INFORMATION Domains;
1269 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
1273 IN LSA_HANDLE PolicyHandle,
1276 OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1277 OUT PLSA_TRANSLATED_NAME *Names )
1279 FIXME("%p %lu %p %p %p\n",
1280 PolicyHandle, Count, Sids, ReferencedDomains, Names);
1284 /******************************************************************************
1285 * LsaFreeMemory [ADVAPI32.@]
1288 LsaFreeMemory(IN PVOID Buffer)
1290 TRACE("(%p)\n",Buffer);
1291 return HeapFree(GetProcessHeap(), 0, Buffer);
1293 /******************************************************************************
1294 * LsaClose [ADVAPI32.@]
1297 LsaClose(IN LSA_HANDLE ObjectHandle)
1299 FIXME("(%p):stub\n",ObjectHandle);
1303 /******************************************************************************
1304 * LsaNtStatusToWinError [ADVAPI32.@]
1310 LsaNtStatusToWinError(NTSTATUS Status)
1312 return RtlNtStatusToDosError(Status);
1315 /******************************************************************************
1316 * NotifyBootConfigStatus [ADVAPI32.@]
1322 NotifyBootConfigStatus( DWORD x1 )
1324 FIXME("(0x%08lx):stub\n",x1);
1328 /******************************************************************************
1329 * RevertToSelf [ADVAPI32.@]
1335 RevertToSelf( void )
1337 FIXME("(), stub\n");
1341 /******************************************************************************
1342 * ImpersonateSelf [ADVAPI32.@]
1345 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1347 return RtlImpersonateSelf(ImpersonationLevel);
1350 /******************************************************************************
1351 * ImpersonateLoggedOnUser [ADVAPI32.@]
1353 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1355 FIXME("(%p):stub returning FALSE\n", hToken);
1359 /******************************************************************************
1360 * AccessCheck [ADVAPI32.@]
1362 * FIXME check cast LPBOOL to PBOOLEAN
1366 PSECURITY_DESCRIPTOR SecurityDescriptor,
1368 DWORD DesiredAccess,
1369 PGENERIC_MAPPING GenericMapping,
1370 PPRIVILEGE_SET PrivilegeSet,
1371 LPDWORD PrivilegeSetLength,
1372 LPDWORD GrantedAccess,
1373 LPBOOL AccessStatus)
1375 CallWin32ToNt (NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1376 GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, (PBOOLEAN)AccessStatus));
1380 /******************************************************************************
1381 * AccessCheckByType [ADVAPI32.@]
1383 BOOL WINAPI AccessCheckByType(
1384 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1385 PSID PrincipalSelfSid,
1387 DWORD DesiredAccess,
1388 POBJECT_TYPE_LIST ObjectTypeList,
1389 DWORD ObjectTypeListLength,
1390 PGENERIC_MAPPING GenericMapping,
1391 PPRIVILEGE_SET PrivilegeSet,
1392 LPDWORD PrivilegeSetLength,
1393 LPDWORD GrantedAccess,
1394 LPBOOL AccessStatus)
1398 *AccessStatus = TRUE;
1400 return !*AccessStatus;
1404 /*************************************************************************
1405 * SetKernelObjectSecurity [ADVAPI32.@]
1407 BOOL WINAPI SetKernelObjectSecurity (
1409 IN SECURITY_INFORMATION SecurityInformation,
1410 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1412 CallWin32ToNt (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1416 /******************************************************************************
1417 * AddAuditAccessAce [ADVAPI32.@]
1419 BOOL WINAPI AddAuditAccessAce(
1421 IN DWORD dwAceRevision,
1422 IN DWORD dwAccessMask,
1424 IN BOOL bAuditSuccess,
1425 IN BOOL bAuditFailure)
1431 /******************************************************************************
1432 * LookupAccountNameA [ADVAPI32.@]
1440 LPSTR ReferencedDomainName,
1441 IN OUT LPDWORD cbReferencedDomainName,
1442 OUT PSID_NAME_USE name_use )
1444 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1448 /******************************************************************************
1449 * PrivilegeCheck [ADVAPI32.@]
1451 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1453 FIXME("stub %p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1459 /******************************************************************************
1460 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1462 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1463 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1464 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1465 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1467 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1468 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1469 SecurityDescriptor, DesiredAccess, GenericMapping,
1470 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1474 /******************************************************************************
1475 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1477 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1478 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1479 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1480 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1482 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1483 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1484 SecurityDescriptor, DesiredAccess, GenericMapping,
1485 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1490 /******************************************************************************
1491 * GetSecurityInfoExW [ADVAPI32.@]
1493 DWORD WINAPI GetSecurityInfoExW(
1494 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1495 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1496 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1497 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1501 return ERROR_BAD_PROVIDER;
1504 /******************************************************************************
1505 * BuildTrusteeWithSidA [ADVAPI32.@]
1507 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
1509 FIXME("%p %p\n", pTrustee, pSid);
1512 /******************************************************************************
1513 * BuildTrusteeWithSidW [ADVAPI32.@]
1515 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
1517 FIXME("%p %p\n", pTrustee, pSid);
1520 /******************************************************************************
1521 * SetEntriesInAclA [ADVAPI32.@]
1523 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
1524 PACL OldAcl, PACL* NewAcl )
1526 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1527 return ERROR_CALL_NOT_IMPLEMENTED;
1530 /******************************************************************************
1531 * SetEntriesInAclW [ADVAPI32.@]
1533 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
1534 PACL OldAcl, PACL* NewAcl )
1536 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1537 return ERROR_CALL_NOT_IMPLEMENTED;
1540 /******************************************************************************
1541 * SetNamedSecurityInfoA [ADVAPI32.@]
1543 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
1544 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1545 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1547 FIXME("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
1548 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1549 return ERROR_CALL_NOT_IMPLEMENTED;
1552 /******************************************************************************
1553 * AreAnyAccessesGranted [ADVAPI32.@]
1555 * Determines whether or not any of a set of specified access permissions have
1556 * been granted or not.
1559 * GrantedAccess [I] The permissions that have been granted.
1560 * DesiredAccess [I] The permissions that you want to have.
1563 * Nonzero if any of the permissions have been granted, zero if none of the
1564 * permissions have been granted.
1567 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess )
1569 return (GrantedAccess & DesiredAccess) != 0;
1572 /******************************************************************************
1573 * SetNamedSecurityInfoW [ADVAPI32.@]
1575 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
1576 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1577 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1579 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
1580 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1581 return ERROR_CALL_NOT_IMPLEMENTED;
1584 /******************************************************************************
1585 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1587 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
1588 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
1590 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1591 return ERROR_CALL_NOT_IMPLEMENTED;
1594 /******************************************************************************
1595 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1597 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
1598 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
1600 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1601 return ERROR_CALL_NOT_IMPLEMENTED;
1605 /******************************************************************************
1606 * ParseAclStringFlags
1608 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
1611 LPCWSTR szAcl = *StringAcl;
1613 while (*szAcl != '(')
1617 flags |= SE_DACL_PROTECTED;
1619 else if (*szAcl == 'A')
1623 flags |= SE_DACL_AUTO_INHERIT_REQ;
1624 else if (*szAcl == 'I')
1625 flags |= SE_DACL_AUTO_INHERITED;
1634 /******************************************************************************
1635 * ParseAceStringType
1639 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
1640 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
1641 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
1642 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
1644 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1645 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1646 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1647 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1652 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
1655 LPCWSTR szAcl = *StringAcl;
1656 LPACEFLAG lpaf = AceType;
1658 while (lpaf->wstr &&
1659 (len = strlenW(lpaf->wstr)) &&
1660 strncmpW(lpaf->wstr, szAcl, len))
1671 /******************************************************************************
1672 * ParseAceStringFlags
1674 ACEFLAG AceFlags[] =
1676 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
1677 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
1678 { SDDL_INHERITED, INHERITED_ACE },
1679 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
1680 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
1681 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
1682 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
1686 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
1690 LPCWSTR szAcl = *StringAcl;
1692 while (*szAcl != ';')
1694 LPACEFLAG lpaf = AceFlags;
1696 while (lpaf->wstr &&
1697 (len = strlenW(lpaf->wstr)) &&
1698 strncmpW(lpaf->wstr, szAcl, len))
1704 flags |= lpaf->value;
1713 /******************************************************************************
1714 * ParseAceStringRights
1716 ACEFLAG AceRights[] =
1718 { SDDL_GENERIC_ALL, GENERIC_ALL },
1719 { SDDL_GENERIC_READ, GENERIC_READ },
1720 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
1721 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
1722 { SDDL_READ_CONTROL, READ_CONTROL },
1723 { SDDL_STANDARD_DELETE, DELETE },
1724 { SDDL_WRITE_DAC, WRITE_DAC },
1725 { SDDL_WRITE_OWNER, WRITE_OWNER },
1729 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
1733 LPCWSTR szAcl = *StringAcl;
1735 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
1739 while (*p && *p != ';')
1744 rights = strtoulW(szAcl, NULL, 16);
1748 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
1752 while (*szAcl != ';')
1754 LPACEFLAG lpaf = AceRights;
1756 while (lpaf->wstr &&
1757 (len = strlenW(lpaf->wstr)) &&
1758 strncmpW(lpaf->wstr, szAcl, len))
1766 rights |= lpaf->value;
1776 /******************************************************************************
1777 * ParseStringAclToAcl
1779 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
1781 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
1782 PACL pAcl, LPDWORD cBytes)
1786 DWORD length = sizeof(ACL);
1787 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
1789 TRACE("%s\n", debugstr_w(StringAcl));
1794 if (pAcl) /* pAce is only useful if we're setting values */
1795 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
1797 /* Parse ACL flags */
1798 *lpdwFlags = ParseAclStringFlags(&StringAcl);
1801 while (*StringAcl == '(')
1805 /* Parse ACE type */
1806 val = ParseAceStringType(&StringAcl);
1808 pAce->Header.AceType = (BYTE) val;
1809 if (*StringAcl != ';')
1813 /* Parse ACE flags */
1814 val = ParseAceStringFlags(&StringAcl);
1816 pAce->Header.AceFlags = (BYTE) val;
1817 if (*StringAcl != ';')
1821 /* Parse ACE rights */
1822 val = ParseAceStringRights(&StringAcl);
1825 if (*StringAcl != ';')
1829 /* Parse ACE object guid */
1830 if (*StringAcl != ';')
1832 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1837 /* Parse ACE inherit object guid */
1838 if (*StringAcl != ';')
1840 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
1845 /* Parse ACE account sid */
1846 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
1848 while (*StringAcl && *StringAcl != ')')
1852 if (*StringAcl != ')')
1856 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
1863 WARN("Invalid ACE string format\n");
1868 /******************************************************************************
1869 * ParseStringSecurityDescriptorToSecurityDescriptor
1871 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
1872 LPCWSTR StringSecurityDescriptor,
1873 PSECURITY_DESCRIPTOR SecurityDescriptor,
1878 WCHAR tok[MAX_PATH];
1880 LPBYTE lpNext = NULL;
1884 if (SecurityDescriptor)
1885 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
1887 while (*StringSecurityDescriptor)
1889 toktype = *StringSecurityDescriptor;
1891 /* Expect char identifier followed by ':' */
1892 StringSecurityDescriptor++;
1893 if (*StringSecurityDescriptor != ':')
1895 SetLastError(ERROR_INVALID_PARAMETER);
1898 StringSecurityDescriptor++;
1901 lptoken = StringSecurityDescriptor;
1902 while (*lptoken && *lptoken != ':')
1908 strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
1916 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1919 if (SecurityDescriptor)
1921 SecurityDescriptor->Owner = (PSID) ((DWORD) lpNext -
1922 (DWORD) SecurityDescriptor);
1923 lpNext += bytes; /* Advance to next token */
1935 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1938 if (SecurityDescriptor)
1940 SecurityDescriptor->Group = (PSID) ((DWORD) lpNext -
1941 (DWORD) SecurityDescriptor);
1942 lpNext += bytes; /* Advance to next token */
1955 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1958 if (SecurityDescriptor)
1960 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
1961 SecurityDescriptor->Dacl = (PACL) ((DWORD) lpNext -
1962 (DWORD) SecurityDescriptor);
1963 lpNext += bytes; /* Advance to next token */
1976 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1979 if (SecurityDescriptor)
1981 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
1982 SecurityDescriptor->Sacl = (PACL) ((DWORD) lpNext -
1983 (DWORD) SecurityDescriptor);
1984 lpNext += bytes; /* Advance to next token */
1993 FIXME("Unknown token\n");
1994 SetLastError(ERROR_INVALID_PARAMETER);
1998 StringSecurityDescriptor = lptoken;
2007 /******************************************************************************
2008 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2010 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
2011 LPCWSTR StringSecurityDescriptor,
2012 DWORD StringSDRevision,
2013 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2014 PULONG SecurityDescriptorSize)
2017 PSECURITY_DESCRIPTOR psd;
2020 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2022 if (GetVersion() & 0x80000000)
2024 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2027 else if (StringSDRevision != SID_REVISION)
2029 SetLastError(ERROR_UNKNOWN_REVISION);
2033 /* Compute security descriptor length */
2034 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2038 psd = *SecurityDescriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(
2039 GMEM_ZEROINIT, cBytes);
2041 psd->Revision = SID_REVISION;
2042 psd->Control |= SE_SELF_RELATIVE;
2044 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2051 if (SecurityDescriptorSize)
2052 *SecurityDescriptorSize = cBytes;
2057 TRACE(" ret=%d\n", bret);
2061 /******************************************************************************
2062 * ConvertStringSidToSidW [ADVAPI32.@]
2064 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2069 if (GetVersion() & 0x80000000)
2070 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2071 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2073 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2075 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2083 /******************************************************************************
2084 * ComputeStringSidSize
2086 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
2089 DWORD size = sizeof(SID);
2093 if (*StringSid == '-')
2099 size += (ctok - 3) * sizeof(DWORD);
2104 /******************************************************************************
2105 * ParseStringSidToSid
2107 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
2113 SetLastError(ERROR_INVALID_PARAMETER);
2117 *cBytes = ComputeStringSidSize(StringSid);
2118 if (!pSid) /* Simply compute the size */
2121 if (*StringSid != 'S' || *StringSid != '-') /* S-R-I-S-S */
2124 int csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
2126 StringSid += 2; /* Advance to Revision */
2127 pSid->Revision = atoiW(StringSid);
2129 if (pSid->Revision != SDDL_REVISION)
2130 goto lend; /* ERROR_INVALID_SID */
2132 pSid->SubAuthorityCount = csubauth;
2134 while (*StringSid && *StringSid != '-')
2135 StringSid++; /* Advance to identifier authority */
2137 pSid->IdentifierAuthority.Value[5] = atoiW(StringSid);
2139 if (pSid->IdentifierAuthority.Value[5] > 5)
2140 goto lend; /* ERROR_INVALID_SID */
2144 while (*StringSid && *StringSid != '-')
2147 pSid->SubAuthority[i++] = atoiW(StringSid);
2150 if (i != pSid->SubAuthorityCount)
2151 goto lend; /* ERROR_INVALID_SID */
2155 else /* String constant format - Only available in winxp and above */
2157 pSid->Revision = SDDL_REVISION;
2158 pSid->SubAuthorityCount = 1;
2160 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
2162 /* TODO: Lookup string of well-known SIDs in table */
2163 pSid->IdentifierAuthority.Value[5] = 0;
2164 pSid->SubAuthority[0] = 0;
2171 SetLastError(ERROR_INVALID_SID);
2176 /******************************************************************************
2177 * GetNamedSecurityInfoA [ADVAPI32.@]
2179 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
2180 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2181 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2182 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2184 FIXME("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
2185 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2186 return ERROR_CALL_NOT_IMPLEMENTED;
2189 /******************************************************************************
2190 * GetNamedSecurityInfoW [ADVAPI32.@]
2192 DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName,
2193 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2194 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2195 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2197 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, SecurityInfo,
2198 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2199 return ERROR_CALL_NOT_IMPLEMENTED;