2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 * FIXME: for all functions thunking down to Rtl* functions: implement SetLastError()
36 #include "wine/debug.h"
37 #include "wine/unicode.h"
39 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
41 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
42 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
43 PACL pAcl, LPDWORD cBytes);
44 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl);
45 static BYTE ParseAceStringType(LPCWSTR* StringAcl);
46 static DWORD ParseAceStringRights(LPCWSTR* StringAcl);
47 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
48 LPCWSTR StringSecurityDescriptor,
49 PSECURITY_DESCRIPTOR SecurityDescriptor,
51 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl);
53 typedef struct _ACEFLAG
57 } ACEFLAG, *LPACEFLAG;
62 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0};
63 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0};
64 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0};
65 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0};
66 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0};
67 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0};
68 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0};
69 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0};
74 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
75 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
76 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
77 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
78 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
79 static const WCHAR SDDL_ALARM[] = {'A','L',0};
80 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
81 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0};
86 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
87 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
88 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
89 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
90 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
91 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
92 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
94 #define CallWin32ToNt(func) \
97 if (ret !=STATUS_SUCCESS) \
98 { SetLastError (RtlNtStatusToDosError(ret)); return FALSE; } \
102 static void dumpLsaAttributes( PLSA_OBJECT_ATTRIBUTES oa )
106 TRACE("\n\tlength=%lu, rootdir=%p, objectname=%s\n\tattr=0x%08lx, sid=%p qos=%p\n",
107 oa->Length, oa->RootDirectory,
108 oa->ObjectName?debugstr_w(oa->ObjectName->Buffer):"null",
109 oa->Attributes, oa->SecurityDescriptor, oa->SecurityQualityOfService);
113 /************************************************************
114 * ADVAPI_IsLocalComputer
116 * Checks whether the server name indicates local machine.
118 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
126 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
130 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR));
131 Result = GetComputerNameW(buf, &dwSize);
132 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
134 Result = Result && !lstrcmpW(ServerName, buf);
135 HeapFree(GetProcessHeap(), 0, buf);
141 #define ADVAPI_ForceLocalComputer(ServerName, FailureCode) \
142 if (!ADVAPI_IsLocalComputer(ServerName)) \
144 FIXME("Action Implemented for local computer only. " \
145 "Requested for server %s\n", debugstr_w(ServerName)); \
146 return FailureCode; \
149 /* ##############################
150 ###### TOKEN FUNCTIONS ######
151 ##############################
154 /******************************************************************************
155 * OpenProcessToken [ADVAPI32.@]
156 * Opens the access token associated with a process handle.
159 * ProcessHandle [I] Handle to process
160 * DesiredAccess [I] Desired access to process
161 * TokenHandle [O] Pointer to handle of open access token
164 * Success: TRUE. TokenHandle contains the access token.
168 * See NtOpenProcessToken.
171 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess,
172 HANDLE *TokenHandle )
174 CallWin32ToNt(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle ));
177 /******************************************************************************
178 * OpenThreadToken [ADVAPI32.@]
180 * Opens the access token associated with a thread handle.
183 * ThreadHandle [I] Handle to process
184 * DesiredAccess [I] Desired access to the thread
186 * TokenHandle [O] Destination for the token handle
189 * Success: TRUE. TokenHandle contains the access token.
193 * See NtOpenThreadToken.
196 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
197 BOOL OpenAsSelf, HANDLE *TokenHandle)
199 CallWin32ToNt (NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
202 /******************************************************************************
203 * AdjustTokenPrivileges [ADVAPI32.@]
205 * Adjust the privileges of an open token handle.
208 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
209 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState
210 * NewState [I] Desired new privileges of the token
211 * BufferLength [I] Length of NewState
212 * PreviousState [O] Destination for the previous state
213 * ReturnLength [I/O] Size of PreviousState
217 * Success: TRUE. Privileges are set to NewState and PreviousState is updated.
221 * See NtAdjustPrivilegesToken.
224 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges,
225 LPVOID NewState, DWORD BufferLength,
226 LPVOID PreviousState, LPDWORD ReturnLength )
228 CallWin32ToNt(NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, NewState, BufferLength, PreviousState, ReturnLength));
231 /******************************************************************************
232 * CheckTokenMembership [ADVAPI32.@]
234 * Determine if an access token is a member of a SID.
237 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken()
238 * SidToCheck [I] SID that possibly contains the token
239 * IsMember [O] Destination for result.
242 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise.
246 CheckTokenMembership( HANDLE TokenHandle, PSID SidToCheck,
249 FIXME("(%p %p %p) stub!\n", TokenHandle, SidToCheck, IsMember);
255 /******************************************************************************
256 * GetTokenInformation [ADVAPI32.@]
259 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
260 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
261 * tokeninfo [O] Destination for token information
262 * tokeninfolength [I] Length of tokeninfo
263 * retlen [O] Destination for returned token information length
266 * Success: TRUE. tokeninfo contains retlen bytes of token information
270 * See NtQueryInformationToken.
273 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
274 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen )
276 TRACE("(%p, %s, %p, %ld, %p): \n",
278 (tokeninfoclass == TokenUser) ? "TokenUser" :
279 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
280 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
281 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
282 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
283 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
284 (tokeninfoclass == TokenSource) ? "TokenSource" :
285 (tokeninfoclass == TokenType) ? "TokenType" :
286 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
287 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
288 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
289 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
290 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
291 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
292 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
294 tokeninfo, tokeninfolength, retlen);
295 CallWin32ToNt (NtQueryInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength, retlen));
298 /******************************************************************************
299 * SetTokenInformation [ADVAPI32.@]
301 * Set information for an access token.
304 * token [I] Handle from OpenProcessToken() or OpenThreadToken()
305 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h"
306 * tokeninfo [I] Token information to set
307 * tokeninfolength [I] Length of tokeninfo
310 * Success: TRUE. The information for the token is set to tokeninfo.
314 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass,
315 LPVOID tokeninfo, DWORD tokeninfolength )
317 FIXME("(%p, %s, %p, %ld): stub\n",
319 (tokeninfoclass == TokenUser) ? "TokenUser" :
320 (tokeninfoclass == TokenGroups) ? "TokenGroups" :
321 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" :
322 (tokeninfoclass == TokenOwner) ? "TokenOwner" :
323 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" :
324 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" :
325 (tokeninfoclass == TokenSource) ? "TokenSource" :
326 (tokeninfoclass == TokenType) ? "TokenType" :
327 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" :
328 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" :
329 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" :
330 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" :
331 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" :
332 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" :
333 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" :
335 tokeninfo, tokeninfolength);
337 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
342 /*************************************************************************
343 * SetThreadToken [ADVAPI32.@]
345 * Assigns an 'impersonation token' to a thread so it can assume the
346 * security privledges of another thread or process. Can also remove
347 * a previously assigned token.
350 * thread [O] Handle to thread to set the token for
351 * token [I] Token to set
354 * Success: TRUE. The threads access token is set to token
358 * Only supported on NT or higher. On Win9X this function does nothing.
359 * See SetTokenInformation.
361 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token)
363 FIXME("(%p, %p): stub (NT impl. only)\n", thread, token);
365 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
370 /* ##############################
371 ###### SID FUNCTIONS ######
372 ##############################
375 /******************************************************************************
376 * AllocateAndInitializeSid [ADVAPI32.@]
379 * pIdentifierAuthority []
380 * nSubAuthorityCount []
392 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
393 BYTE nSubAuthorityCount,
394 DWORD nSubAuthority0, DWORD nSubAuthority1,
395 DWORD nSubAuthority2, DWORD nSubAuthority3,
396 DWORD nSubAuthority4, DWORD nSubAuthority5,
397 DWORD nSubAuthority6, DWORD nSubAuthority7,
400 CallWin32ToNt (RtlAllocateAndInitializeSid(
401 pIdentifierAuthority, nSubAuthorityCount,
402 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
403 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
407 /******************************************************************************
408 * FreeSid [ADVAPI32.@]
417 return NULL; /* is documented like this */
420 /******************************************************************************
421 * CopySid [ADVAPI32.@]
424 * nDestinationSidLength []
429 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
431 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid);
434 /******************************************************************************
435 * IsValidSid [ADVAPI32.@]
441 IsValidSid( PSID pSid )
443 return RtlValidSid( pSid );
446 /******************************************************************************
447 * EqualSid [ADVAPI32.@]
454 EqualSid( PSID pSid1, PSID pSid2 )
456 return RtlEqualSid( pSid1, pSid2 );
459 /******************************************************************************
460 * EqualPrefixSid [ADVAPI32.@]
462 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2)
464 return RtlEqualPrefixSid(pSid1, pSid2);
467 /******************************************************************************
468 * GetSidLengthRequired [ADVAPI32.@]
471 * nSubAuthorityCount []
474 GetSidLengthRequired( BYTE nSubAuthorityCount )
476 return RtlLengthRequiredSid(nSubAuthorityCount);
479 /******************************************************************************
480 * InitializeSid [ADVAPI32.@]
483 * pIdentifierAuthority []
488 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
489 BYTE nSubAuthorityCount)
491 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount);
494 /******************************************************************************
495 * GetSidIdentifierAuthority [ADVAPI32.@]
500 PSID_IDENTIFIER_AUTHORITY WINAPI
501 GetSidIdentifierAuthority( PSID pSid )
503 return RtlIdentifierAuthoritySid(pSid);
506 /******************************************************************************
507 * GetSidSubAuthority [ADVAPI32.@]
514 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority )
516 return RtlSubAuthoritySid(pSid, nSubAuthority);
519 /******************************************************************************
520 * GetSidSubAuthorityCount [ADVAPI32.@]
526 GetSidSubAuthorityCount (PSID pSid)
528 return RtlSubAuthorityCountSid(pSid);
531 /******************************************************************************
532 * GetLengthSid [ADVAPI32.@]
538 GetLengthSid (PSID pSid)
540 return RtlLengthSid(pSid);
543 /* ##############################################
544 ###### SECURITY DESCRIPTOR FUNCTIONS ######
545 ##############################################
548 /******************************************************************************
549 * InitializeSecurityDescriptor [ADVAPI32.@]
556 InitializeSecurityDescriptor( SECURITY_DESCRIPTOR *pDescr, DWORD revision )
558 CallWin32ToNt (RtlCreateSecurityDescriptor(pDescr, revision ));
562 /******************************************************************************
563 * MakeAbsoluteSD [ADVAPI32.@]
565 BOOL WINAPI MakeAbsoluteSD (
566 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
567 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
568 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize,
570 OUT LPDWORD lpdwDaclSize,
572 OUT LPDWORD lpdwSaclSize,
574 OUT LPDWORD lpdwOwnerSize,
575 OUT PSID pPrimaryGroup,
576 OUT LPDWORD lpdwPrimaryGroupSize)
578 CallWin32ToNt (RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
579 pAbsoluteSecurityDescriptor, lpdwAbsoluteSecurityDescriptorSize,
580 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, pOwner, lpdwOwnerSize,
581 pPrimaryGroup, lpdwPrimaryGroupSize));
585 /******************************************************************************
586 * GetSecurityDescriptorLength [ADVAPI32.@]
588 DWORD WINAPI GetSecurityDescriptorLength( SECURITY_DESCRIPTOR *pDescr)
590 return (RtlLengthSecurityDescriptor(pDescr));
593 /******************************************************************************
594 * GetSecurityDescriptorOwner [ADVAPI32.@]
598 * lpbOwnerDefaulted []
601 GetSecurityDescriptorOwner( SECURITY_DESCRIPTOR *pDescr, PSID *pOwner,
602 LPBOOL lpbOwnerDefaulted )
604 CallWin32ToNt (RtlGetOwnerSecurityDescriptor( pDescr, pOwner, (PBOOLEAN)lpbOwnerDefaulted ));
607 /******************************************************************************
608 * SetSecurityDescriptorOwner [ADVAPI32.@]
612 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor,
613 PSID pOwner, BOOL bOwnerDefaulted)
615 CallWin32ToNt (RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted));
617 /******************************************************************************
618 * GetSecurityDescriptorGroup [ADVAPI32.@]
620 BOOL WINAPI GetSecurityDescriptorGroup(
621 PSECURITY_DESCRIPTOR SecurityDescriptor,
623 LPBOOL GroupDefaulted)
625 CallWin32ToNt (RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, (PBOOLEAN)GroupDefaulted));
627 /******************************************************************************
628 * SetSecurityDescriptorGroup [ADVAPI32.@]
630 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor,
631 PSID Group, BOOL GroupDefaulted)
633 CallWin32ToNt (RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted));
636 /******************************************************************************
637 * IsValidSecurityDescriptor [ADVAPI32.@]
643 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor )
645 CallWin32ToNt (RtlValidSecurityDescriptor(SecurityDescriptor));
648 /******************************************************************************
649 * GetSecurityDescriptorDacl [ADVAPI32.@]
651 BOOL WINAPI GetSecurityDescriptorDacl(
652 IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
653 OUT LPBOOL lpbDaclPresent,
655 OUT LPBOOL lpbDaclDefaulted)
657 CallWin32ToNt (RtlGetDaclSecurityDescriptor(pSecurityDescriptor, (PBOOLEAN)lpbDaclPresent,
658 pDacl, (PBOOLEAN)lpbDaclDefaulted));
661 /******************************************************************************
662 * SetSecurityDescriptorDacl [ADVAPI32.@]
665 SetSecurityDescriptorDacl (
666 PSECURITY_DESCRIPTOR lpsd,
671 CallWin32ToNt (RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ));
673 /******************************************************************************
674 * GetSecurityDescriptorSacl [ADVAPI32.@]
676 BOOL WINAPI GetSecurityDescriptorSacl(
677 IN PSECURITY_DESCRIPTOR lpsd,
678 OUT LPBOOL lpbSaclPresent,
680 OUT LPBOOL lpbSaclDefaulted)
682 CallWin32ToNt (RtlGetSaclSecurityDescriptor(lpsd,
683 (PBOOLEAN)lpbSaclPresent, pSacl, (PBOOLEAN)lpbSaclDefaulted));
686 /**************************************************************************
687 * SetSecurityDescriptorSacl [ADVAPI32.@]
689 BOOL WINAPI SetSecurityDescriptorSacl (
690 PSECURITY_DESCRIPTOR lpsd,
695 CallWin32ToNt (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted));
697 /******************************************************************************
698 * MakeSelfRelativeSD [ADVAPI32.@]
707 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
708 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
709 IN OUT LPDWORD lpdwBufferLength)
711 CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
714 /******************************************************************************
715 * GetSecurityDescriptorControl [ADVAPI32.@]
718 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor,
719 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
721 CallWin32ToNt (RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision));
724 /* ##############################
725 ###### ACL FUNCTIONS ######
726 ##############################
729 /*************************************************************************
730 * InitializeAcl [ADVAPI32.@]
732 DWORD WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev)
734 CallWin32ToNt (RtlCreateAcl(acl, size, rev));
737 /******************************************************************************
738 * AddAccessAllowedAce [ADVAPI32.@]
740 BOOL WINAPI AddAccessAllowedAce(
742 IN DWORD dwAceRevision,
746 CallWin32ToNt(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid));
749 /******************************************************************************
750 * AddAccessAllowedAceEx [ADVAPI32.@]
752 BOOL WINAPI AddAccessAllowedAceEx(
754 IN DWORD dwAceRevision,
759 CallWin32ToNt(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
762 /******************************************************************************
763 * AddAccessDeniedAce [ADVAPI32.@]
765 BOOL WINAPI AddAccessDeniedAce(
767 IN DWORD dwAceRevision,
771 CallWin32ToNt(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid));
774 /******************************************************************************
775 * AddAccessDeniedAceEx [ADVAPI32.@]
777 BOOL WINAPI AddAccessDeniedAceEx(
779 IN DWORD dwAceRevision,
784 CallWin32ToNt(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid));
787 /******************************************************************************
788 * AddAce [ADVAPI32.@]
792 IN DWORD dwAceRevision,
793 IN DWORD dwStartingAceIndex,
795 DWORD nAceListLength)
797 CallWin32ToNt(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength));
800 /******************************************************************************
801 * DeleteAce [ADVAPI32.@]
803 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
805 CallWin32ToNt(RtlDeleteAce(pAcl, dwAceIndex));
808 /******************************************************************************
809 * FindFirstFreeAce [ADVAPI32.@]
811 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce)
813 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce);
816 /******************************************************************************
817 * GetAce [ADVAPI32.@]
819 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
821 CallWin32ToNt(RtlGetAce(pAcl, dwAceIndex, pAce));
824 /******************************************************************************
825 * GetAclInformation [ADVAPI32.@]
827 BOOL WINAPI GetAclInformation(
829 LPVOID pAclInformation,
830 DWORD nAclInformationLength,
831 ACL_INFORMATION_CLASS dwAclInformationClass)
833 CallWin32ToNt(RtlQueryInformationAcl(pAcl, pAclInformation,
834 nAclInformationLength, dwAclInformationClass));
837 /******************************************************************************
838 * IsValidAcl [ADVAPI32.@]
840 BOOL WINAPI IsValidAcl(IN PACL pAcl)
842 return RtlValidAcl(pAcl);
845 /* ##############################
846 ###### MISC FUNCTIONS ######
847 ##############################
850 static const char * const DefaultPrivNames[] =
853 "SeCreateTokenPrivilege", "SeAssignPrimaryTokenPrivilege",
854 "SeLockMemoryPrivilege", "SeIncreaseQuotaPrivilege",
855 "SeMachineAccountPrivilege", "SeTcbPrivilege",
856 "SeSecurityPrivilege", "SeTakeOwnershipPrivilege",
857 "SeLoadDriverPrivilege", "SeSystemProfilePrivilege",
858 "SeSystemtimePrivilege", "SeProfileSingleProcessPrivilege",
859 "SeIncreaseBasePriorityPrivilege", "SeCreatePagefilePrivilege",
860 "SeCreatePermanentPrivilege", "SeBackupPrivilege",
861 "SeRestorePrivilege", "SeShutdownPrivilege",
862 "SeDebugPrivilege", "SeAuditPrivilege",
863 "SeSystemEnvironmentPrivilege", "SeChangeNotifyPrivilege",
864 "SeRemoteShutdownPrivilege",
866 #define NUMPRIVS (sizeof DefaultPrivNames/sizeof DefaultPrivNames[0])
868 /******************************************************************************
869 * LookupPrivilegeValueW [ADVAPI32.@]
871 * See LookupPrivilegeValueA.
874 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid )
879 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid);
881 for( i=0; i<NUMPRIVS; i++ )
883 if( !DefaultPrivNames[i] )
885 MultiByteToWideChar( CP_ACP, 0, DefaultPrivNames[i], -1,
887 if( strcmpW( priv, lpName) )
890 lpLuid->HighPart = 0;
891 TRACE( "%s -> %08lx-%08lx\n",debugstr_w( lpSystemName ),
892 lpLuid->HighPart, lpLuid->LowPart );
898 /******************************************************************************
899 * LookupPrivilegeValueA [ADVAPI32.@]
901 * Retrieves LUID used on a system to represent the privilege name.
904 * lpSystemName [I] Name of the system
905 * lpName [I] Name of the privilege
906 * pLuid [O] Destination for the resulting LUID
909 * Success: TRUE. pLuid contains the requested LUID.
913 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
915 UNICODE_STRING lpSystemNameW;
916 UNICODE_STRING lpNameW;
919 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
920 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName);
921 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid);
922 RtlFreeUnicodeString(&lpNameW);
923 RtlFreeUnicodeString(&lpSystemNameW);
928 /******************************************************************************
929 * LookupPrivilegeNameA [ADVAPI32.@]
932 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
934 FIXME("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
938 /******************************************************************************
939 * LookupPrivilegeNameW [ADVAPI32.@]
942 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
944 FIXME("%s %p %p %p\n", debugstr_w(lpSystemName), lpLuid, lpName, cchName);
948 /******************************************************************************
949 * GetFileSecurityA [ADVAPI32.@]
951 * Obtains Specified information about the security of a file or directory.
954 * lpFileName [I] Name of the file to get info for
955 * RequestedInformation [I] SE_ flags from "winnt.h"
956 * pSecurityDescriptor [O] Destination for security information
957 * nLength [I] Length of pSecurityDescriptor
958 * lpnLengthNeeded [O] Destination for length of returned security information
961 * Success: TRUE. pSecurityDescriptor contains the requested information.
962 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
965 * The information returned is constrained by the callers access rights and
969 GetFileSecurityA( LPCSTR lpFileName,
970 SECURITY_INFORMATION RequestedInformation,
971 PSECURITY_DESCRIPTOR pSecurityDescriptor,
972 DWORD nLength, LPDWORD lpnLengthNeeded )
974 FIXME("(%s) : stub\n", debugstr_a(lpFileName));
978 /******************************************************************************
979 * GetFileSecurityW [ADVAPI32.@]
981 * See GetFileSecurityA.
984 GetFileSecurityW( LPCWSTR lpFileName,
985 SECURITY_INFORMATION RequestedInformation,
986 PSECURITY_DESCRIPTOR pSecurityDescriptor,
987 DWORD nLength, LPDWORD lpnLengthNeeded )
989 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
994 /******************************************************************************
995 * LookupAccountSidA [ADVAPI32.@]
1002 IN OUT LPDWORD accountSize,
1004 IN OUT LPDWORD domainSize,
1005 OUT PSID_NAME_USE name_use )
1007 static const char ac[] = "Administrator";
1008 static const char dm[] = "DOMAIN";
1009 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1010 debugstr_a(system),sid,
1011 account,accountSize,accountSize?*accountSize:0,
1012 domain,domainSize,domainSize?*domainSize:0,
1015 if (accountSize) *accountSize = strlen(ac)+1;
1016 if (account && (*accountSize > strlen(ac)))
1017 strcpy(account, ac);
1019 if (domainSize) *domainSize = strlen(dm)+1;
1020 if (domain && (*domainSize > strlen(dm)))
1023 if (name_use) *name_use = SidTypeUser;
1027 /******************************************************************************
1028 * LookupAccountSidW [ADVAPI32.@]
1044 IN OUT LPDWORD accountSize,
1046 IN OUT LPDWORD domainSize,
1047 OUT PSID_NAME_USE name_use )
1049 static const WCHAR ac[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0};
1050 static const WCHAR dm[] = {'D','O','M','A','I','N',0};
1051 FIXME("(%s,sid=%p,%p,%p(%lu),%p,%p(%lu),%p): semi-stub\n",
1052 debugstr_w(system),sid,
1053 account,accountSize,accountSize?*accountSize:0,
1054 domain,domainSize,domainSize?*domainSize:0,
1057 if (accountSize) *accountSize = strlenW(ac)+1;
1058 if (account && (*accountSize > strlenW(ac)))
1059 strcpyW(account, ac);
1061 if (domainSize) *domainSize = strlenW(dm)+1;
1062 if (domain && (*domainSize > strlenW(dm)))
1065 if (name_use) *name_use = SidTypeUser;
1069 /******************************************************************************
1070 * SetFileSecurityA [ADVAPI32.@]
1071 * Sets the security of a file or directory
1073 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName,
1074 SECURITY_INFORMATION RequestedInformation,
1075 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1077 FIXME("(%s) : stub\n", debugstr_a(lpFileName));
1081 /******************************************************************************
1082 * SetFileSecurityW [ADVAPI32.@]
1083 * Sets the security of a file or directory
1087 * RequestedInformation []
1088 * pSecurityDescriptor []
1091 SetFileSecurityW( LPCWSTR lpFileName,
1092 SECURITY_INFORMATION RequestedInformation,
1093 PSECURITY_DESCRIPTOR pSecurityDescriptor )
1095 FIXME("(%s) : stub\n", debugstr_w(lpFileName) );
1099 /******************************************************************************
1100 * QueryWindows31FilesMigration [ADVAPI32.@]
1106 QueryWindows31FilesMigration( DWORD x1 )
1108 FIXME("(%ld):stub\n",x1);
1112 /******************************************************************************
1113 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1122 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1125 FIXME("(0x%08lx,0x%08lx,0x%08lx,0x%08lx):stub\n",x1,x2,x3,x4);
1129 /******************************************************************************
1130 * LsaOpenPolicy [ADVAPI32.@]
1140 IN PLSA_UNICODE_STRING SystemName,
1141 IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
1142 IN ACCESS_MASK DesiredAccess,
1143 IN OUT PLSA_HANDLE PolicyHandle)
1145 FIXME("(%s,%p,0x%08lx,%p):stub\n",
1146 SystemName?debugstr_w(SystemName->Buffer):"null",
1147 ObjectAttributes, DesiredAccess, PolicyHandle);
1148 ADVAPI_ForceLocalComputer(SystemName ? SystemName->Buffer : NULL,
1149 STATUS_ACCESS_VIOLATION);
1150 dumpLsaAttributes(ObjectAttributes);
1151 if(PolicyHandle) *PolicyHandle = (LSA_HANDLE)0xcafe;
1152 return STATUS_SUCCESS;
1155 /******************************************************************************
1156 * LsaQueryInformationPolicy [ADVAPI32.@]
1159 LsaQueryInformationPolicy(
1160 IN LSA_HANDLE PolicyHandle,
1161 IN POLICY_INFORMATION_CLASS InformationClass,
1164 FIXME("(%p,0x%08x,%p):stub\n",
1165 PolicyHandle, InformationClass, Buffer);
1167 if(!Buffer) return FALSE;
1168 switch (InformationClass)
1170 case PolicyAuditEventsInformation: /* 2 */
1172 PPOLICY_AUDIT_EVENTS_INFO p = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(POLICY_AUDIT_EVENTS_INFO));
1173 p->AuditingMode = FALSE; /* no auditing */
1177 case PolicyPrimaryDomainInformation: /* 3 */
1178 case PolicyAccountDomainInformation: /* 5 */
1181 { POLICY_PRIMARY_DOMAIN_INFO ppdi;
1184 SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY};
1186 struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(xdi));
1188 BOOL useDefault = TRUE;
1191 if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE,
1192 "System\\CurrentControlSet\\Services\\VxD\\VNETSUP", 0,
1193 KEY_READ, &key)) == ERROR_SUCCESS)
1196 WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
1198 ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
1199 if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
1201 xdi->ppdi.Name.Buffer = HeapAlloc(GetProcessHeap(),
1202 HEAP_ZERO_MEMORY, size);
1203 if ((ret = RegQueryValueExW(key, wg, NULL, NULL,
1204 (LPBYTE)xdi->ppdi.Name.Buffer, &size)) == ERROR_SUCCESS)
1206 xdi->ppdi.Name.Length = (USHORT)size;
1211 HeapFree(GetProcessHeap(), 0, xdi->ppdi.Name.Buffer);
1212 xdi->ppdi.Name.Buffer = NULL;
1218 RtlCreateUnicodeStringFromAsciiz(&(xdi->ppdi.Name), "DOMAIN");
1219 TRACE("setting domain to %s\n", debugstr_w(xdi->ppdi.Name.Buffer));
1221 xdi->ppdi.Sid = &(xdi->sid);
1222 xdi->sid.Revision = SID_REVISION;
1223 xdi->sid.SubAuthorityCount = 1;
1224 xdi->sid.IdentifierAuthority = localSidAuthority;
1225 xdi->sid.SubAuthority[0] = SECURITY_LOCAL_SYSTEM_RID;
1229 case PolicyAuditLogInformation:
1230 case PolicyPdAccountInformation:
1231 case PolicyLsaServerRoleInformation:
1232 case PolicyReplicaSourceInformation:
1233 case PolicyDefaultQuotaInformation:
1234 case PolicyModificationInformation:
1235 case PolicyAuditFullSetInformation:
1236 case PolicyAuditFullQueryInformation:
1237 case PolicyDnsDomainInformation:
1239 FIXME("category not implemented\n");
1246 /******************************************************************************
1247 * LsaLookupSids [ADVAPI32.@]
1252 LSA_UNICODE_STRING Name;
1254 } LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
1258 LSA_UNICODE_STRING Name;
1260 } LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
1265 PLSA_TRUST_INFORMATION Domains;
1266 } LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
1270 IN LSA_HANDLE PolicyHandle,
1273 OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1274 OUT PLSA_TRANSLATED_NAME *Names )
1276 FIXME("%p %lu %p %p %p\n",
1277 PolicyHandle, Count, Sids, ReferencedDomains, Names);
1281 /******************************************************************************
1282 * LsaFreeMemory [ADVAPI32.@]
1285 LsaFreeMemory(IN PVOID Buffer)
1287 TRACE("(%p)\n",Buffer);
1288 return HeapFree(GetProcessHeap(), 0, Buffer);
1290 /******************************************************************************
1291 * LsaClose [ADVAPI32.@]
1294 LsaClose(IN LSA_HANDLE ObjectHandle)
1296 FIXME("(%p):stub\n",ObjectHandle);
1300 /******************************************************************************
1301 * LsaNtStatusToWinError [ADVAPI32.@]
1307 LsaNtStatusToWinError(NTSTATUS Status)
1309 return RtlNtStatusToDosError(Status);
1312 /******************************************************************************
1313 * NotifyBootConfigStatus [ADVAPI32.@]
1319 NotifyBootConfigStatus( DWORD x1 )
1321 FIXME("(0x%08lx):stub\n",x1);
1325 /******************************************************************************
1326 * RevertToSelf [ADVAPI32.@]
1332 RevertToSelf( void )
1334 FIXME("(), stub\n");
1338 /******************************************************************************
1339 * ImpersonateSelf [ADVAPI32.@]
1342 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1344 return RtlImpersonateSelf(ImpersonationLevel);
1347 /******************************************************************************
1348 * ImpersonateLoggedOnUser [ADVAPI32.@]
1350 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
1352 FIXME("(%p):stub returning FALSE\n", hToken);
1356 /******************************************************************************
1357 * AccessCheck [ADVAPI32.@]
1359 * FIXME check cast LPBOOL to PBOOLEAN
1363 PSECURITY_DESCRIPTOR SecurityDescriptor,
1365 DWORD DesiredAccess,
1366 PGENERIC_MAPPING GenericMapping,
1367 PPRIVILEGE_SET PrivilegeSet,
1368 LPDWORD PrivilegeSetLength,
1369 LPDWORD GrantedAccess,
1370 LPBOOL AccessStatus)
1372 CallWin32ToNt (NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess,
1373 GenericMapping, PrivilegeSet, PrivilegeSetLength, GrantedAccess, (PBOOLEAN)AccessStatus));
1377 /******************************************************************************
1378 * AccessCheckByType [ADVAPI32.@]
1380 BOOL WINAPI AccessCheckByType(
1381 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1382 PSID PrincipalSelfSid,
1384 DWORD DesiredAccess,
1385 POBJECT_TYPE_LIST ObjectTypeList,
1386 DWORD ObjectTypeListLength,
1387 PGENERIC_MAPPING GenericMapping,
1388 PPRIVILEGE_SET PrivilegeSet,
1389 LPDWORD PrivilegeSetLength,
1390 LPDWORD GrantedAccess,
1391 LPBOOL AccessStatus)
1395 *AccessStatus = TRUE;
1397 return !*AccessStatus;
1401 /*************************************************************************
1402 * SetKernelObjectSecurity [ADVAPI32.@]
1404 BOOL WINAPI SetKernelObjectSecurity (
1406 IN SECURITY_INFORMATION SecurityInformation,
1407 IN PSECURITY_DESCRIPTOR SecurityDescriptor )
1409 CallWin32ToNt (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor));
1413 /******************************************************************************
1414 * AddAuditAccessAce [ADVAPI32.@]
1416 BOOL WINAPI AddAuditAccessAce(
1418 IN DWORD dwAceRevision,
1419 IN DWORD dwAccessMask,
1421 IN BOOL bAuditSuccess,
1422 IN BOOL bAuditFailure)
1428 /******************************************************************************
1429 * LookupAccountNameA [ADVAPI32.@]
1437 LPSTR ReferencedDomainName,
1438 IN OUT LPDWORD cbReferencedDomainName,
1439 OUT PSID_NAME_USE name_use )
1441 FIXME("(%s,%s,%p,%p,%p,%p,%p), stub.\n",system,account,sid,cbSid,ReferencedDomainName,cbReferencedDomainName,name_use);
1445 /******************************************************************************
1446 * PrivilegeCheck [ADVAPI32.@]
1448 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
1450 FIXME("stub %p %p %p\n", ClientToken, RequiredPrivileges, pfResult);
1456 /******************************************************************************
1457 * AccessCheckAndAuditAlarmA [ADVAPI32.@]
1459 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName,
1460 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1461 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1462 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1464 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem),
1465 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName),
1466 SecurityDescriptor, DesiredAccess, GenericMapping,
1467 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1471 /******************************************************************************
1472 * AccessCheckAndAuditAlarmW [ADVAPI32.@]
1474 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName,
1475 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess,
1476 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess,
1477 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose)
1479 FIXME("stub (%s,%p,%s,%s,%p,%08lx,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem),
1480 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName),
1481 SecurityDescriptor, DesiredAccess, GenericMapping,
1482 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose);
1487 /******************************************************************************
1488 * GetSecurityInfoExW [ADVAPI32.@]
1490 DWORD WINAPI GetSecurityInfoExW(
1491 HANDLE hObject, SE_OBJECT_TYPE ObjectType,
1492 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider,
1493 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList,
1494 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup
1498 return ERROR_BAD_PROVIDER;
1501 /******************************************************************************
1502 * BuildTrusteeWithSidA [ADVAPI32.@]
1504 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid)
1506 FIXME("%p %p\n", pTrustee, pSid);
1509 /******************************************************************************
1510 * BuildTrusteeWithSidW [ADVAPI32.@]
1512 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid)
1514 FIXME("%p %p\n", pTrustee, pSid);
1517 /******************************************************************************
1518 * SetEntriesInAclA [ADVAPI32.@]
1520 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries,
1521 PACL OldAcl, PACL* NewAcl )
1523 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1524 return ERROR_CALL_NOT_IMPLEMENTED;
1527 /******************************************************************************
1528 * SetEntriesInAclW [ADVAPI32.@]
1530 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries,
1531 PACL OldAcl, PACL* NewAcl )
1533 FIXME("%ld %p %p %p\n",count,pEntries,OldAcl,NewAcl);
1534 return ERROR_CALL_NOT_IMPLEMENTED;
1537 /******************************************************************************
1538 * SetNamedSecurityInfoA [ADVAPI32.@]
1540 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName,
1541 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1542 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1544 FIXME("%s %d %ld %p %p %p %p\n", debugstr_a(pObjectName), ObjectType,
1545 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1546 return ERROR_CALL_NOT_IMPLEMENTED;
1549 /******************************************************************************
1550 * SetNamedSecurityInfoW [ADVAPI32.@]
1552 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName,
1553 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
1554 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
1556 FIXME("%s %d %ld %p %p %p %p\n", debugstr_w(pObjectName), ObjectType,
1557 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl);
1558 return ERROR_CALL_NOT_IMPLEMENTED;
1561 /******************************************************************************
1562 * GetExplicitEntriesFromAclA [ADVAPI32.@]
1564 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries,
1565 PEXPLICIT_ACCESSA* pListOfExplicitEntries)
1567 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1568 return ERROR_CALL_NOT_IMPLEMENTED;
1571 /******************************************************************************
1572 * GetExplicitEntriesFromAclW [ADVAPI32.@]
1574 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries,
1575 PEXPLICIT_ACCESSW* pListOfExplicitEntries)
1577 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries);
1578 return ERROR_CALL_NOT_IMPLEMENTED;
1582 /******************************************************************************
1583 * ParseAclStringFlags
1585 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
1588 LPCWSTR szAcl = *StringAcl;
1590 while (*szAcl != '(')
1594 flags |= SE_DACL_PROTECTED;
1596 else if (*szAcl == 'A')
1600 flags |= SE_DACL_AUTO_INHERIT_REQ;
1601 else if (*szAcl == 'I')
1602 flags |= SE_DACL_AUTO_INHERITED;
1611 /******************************************************************************
1612 * ParseAceStringType
1616 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
1617 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
1618 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
1619 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
1621 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
1622 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
1623 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
1624 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
1629 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
1632 LPCWSTR szAcl = *StringAcl;
1633 LPACEFLAG lpaf = AceType;
1635 while (lpaf->wstr &&
1636 (len = strlenW(lpaf->wstr)) &&
1637 strncmpW(lpaf->wstr, szAcl, len))
1648 /******************************************************************************
1649 * ParseAceStringFlags
1651 ACEFLAG AceFlags[] =
1653 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
1654 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
1655 { SDDL_INHERITED, INHERITED_ACE },
1656 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
1657 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
1658 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
1659 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
1663 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
1667 LPCWSTR szAcl = *StringAcl;
1669 while (*szAcl != ';')
1671 LPACEFLAG lpaf = AceFlags;
1673 while (lpaf->wstr &&
1674 (len = strlenW(lpaf->wstr)) &&
1675 strncmpW(lpaf->wstr, szAcl, len))
1681 flags |= lpaf->value;
1690 /******************************************************************************
1691 * ParseAceStringRights
1693 ACEFLAG AceRights[] =
1695 { SDDL_GENERIC_ALL, GENERIC_ALL },
1696 { SDDL_GENERIC_READ, GENERIC_READ },
1697 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
1698 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
1699 { SDDL_READ_CONTROL, READ_CONTROL },
1700 { SDDL_STANDARD_DELETE, DELETE },
1701 { SDDL_WRITE_DAC, WRITE_DAC },
1702 { SDDL_WRITE_OWNER, WRITE_OWNER },
1706 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
1710 LPCWSTR szAcl = *StringAcl;
1712 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
1716 while (*p && *p != ';')
1721 rights = strtoulW(szAcl, NULL, 16);
1725 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
1729 while (*szAcl != ';')
1731 LPACEFLAG lpaf = AceRights;
1733 while (lpaf->wstr &&
1734 (len = strlenW(lpaf->wstr)) &&
1735 strncmpW(lpaf->wstr, szAcl, len))
1743 rights |= lpaf->value;
1753 /******************************************************************************
1754 * ParseStringAclToAcl
1756 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
1758 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
1759 PACL pAcl, LPDWORD cBytes)
1763 DWORD length = sizeof(ACL);
1764 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
1766 TRACE("%s\n", debugstr_w(StringAcl));
1771 if (pAcl) /* pAce is only useful if we're setting values */
1772 pAce = (PACCESS_ALLOWED_ACE) ((LPBYTE)pAcl + sizeof(PACL));
1774 /* Parse ACL flags */
1775 *lpdwFlags = ParseAclStringFlags(&StringAcl);
1778 while (*StringAcl == '(')
1782 /* Parse ACE type */
1783 val = ParseAceStringType(&StringAcl);
1785 pAce->Header.AceType = (BYTE) val;
1786 if (*StringAcl != ';')
1790 /* Parse ACE flags */
1791 val = ParseAceStringFlags(&StringAcl);
1793 pAce->Header.AceFlags = (BYTE) val;
1794 if (*StringAcl != ';')
1798 /* Parse ACE rights */
1799 val = ParseAceStringRights(&StringAcl);
1802 if (*StringAcl != ';')
1806 /* Parse ACE object guid */
1807 if (*StringAcl != ';')
1809 FIXME("Support for *_OBJECT_ACE_TYPE not implemented");
1814 /* Parse ACE inherit object guid */
1815 if (*StringAcl != ';')
1817 FIXME("Support for *_OBJECT_ACE_TYPE not implemented");
1822 /* Parse ACE account sid */
1823 if (ParseStringSidToSid(StringAcl, pAce ? (PSID)&pAce->SidStart : NULL, &sidlen))
1825 while (*StringAcl && *StringAcl != ')')
1829 if (*StringAcl != ')')
1833 length += sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
1840 WARN("Invalid ACE string format\n");
1845 /******************************************************************************
1846 * ParseStringSecurityDescriptorToSecurityDescriptor
1848 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
1849 LPCWSTR StringSecurityDescriptor,
1850 PSECURITY_DESCRIPTOR SecurityDescriptor,
1855 WCHAR tok[MAX_PATH];
1857 LPBYTE lpNext = NULL;
1861 if (SecurityDescriptor)
1862 lpNext = ((LPBYTE) SecurityDescriptor) + sizeof(SECURITY_DESCRIPTOR);
1864 while (*StringSecurityDescriptor)
1866 toktype = *StringSecurityDescriptor;
1868 /* Expect char identifier followed by ':' */
1869 StringSecurityDescriptor++;
1870 if (*StringSecurityDescriptor != ':')
1872 SetLastError(ERROR_INVALID_PARAMETER);
1875 StringSecurityDescriptor++;
1878 lptoken = StringSecurityDescriptor;
1879 while (*lptoken && *lptoken != ':')
1885 strncpyW(tok, StringSecurityDescriptor, lptoken - StringSecurityDescriptor);
1893 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1896 if (SecurityDescriptor)
1898 SecurityDescriptor->Owner = (PSID) ((DWORD) lpNext -
1899 (DWORD) SecurityDescriptor);
1900 lpNext += bytes; /* Advance to next token */
1912 if (!ParseStringSidToSid(tok, (PSID)lpNext, &bytes))
1915 if (SecurityDescriptor)
1917 SecurityDescriptor->Group = (PSID) ((DWORD) lpNext -
1918 (DWORD) SecurityDescriptor);
1919 lpNext += bytes; /* Advance to next token */
1932 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1935 if (SecurityDescriptor)
1937 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
1938 SecurityDescriptor->Dacl = (PACL) ((DWORD) lpNext -
1939 (DWORD) SecurityDescriptor);
1940 lpNext += bytes; /* Advance to next token */
1953 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
1956 if (SecurityDescriptor)
1958 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
1959 SecurityDescriptor->Sacl = (PACL) ((DWORD) lpNext -
1960 (DWORD) SecurityDescriptor);
1961 lpNext += bytes; /* Advance to next token */
1970 FIXME("Unknown token\n");
1971 SetLastError(ERROR_INVALID_PARAMETER);
1975 StringSecurityDescriptor = lptoken;
1984 /******************************************************************************
1985 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
1987 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(
1988 LPCWSTR StringSecurityDescriptor,
1989 DWORD StringSDRevision,
1990 PSECURITY_DESCRIPTOR* SecurityDescriptor,
1991 PULONG SecurityDescriptorSize)
1994 PSECURITY_DESCRIPTOR psd;
1997 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
1999 if (GetVersion() & 0x80000000)
2001 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2004 else if (StringSDRevision != SID_REVISION)
2006 SetLastError(ERROR_UNKNOWN_REVISION);
2010 /* Compute security descriptor length */
2011 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2015 psd = *SecurityDescriptor = (PSECURITY_DESCRIPTOR) LocalAlloc(
2016 GMEM_ZEROINIT, cBytes);
2018 psd->Revision = SID_REVISION;
2019 psd->Control |= SE_SELF_RELATIVE;
2021 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2028 if (SecurityDescriptorSize)
2029 *SecurityDescriptorSize = cBytes;
2034 TRACE(" ret=%d\n", bret);
2038 /******************************************************************************
2039 * ConvertStringSidToSidW [ADVAPI32.@]
2041 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
2046 if (GetVersion() & 0x80000000)
2047 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2048 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
2050 PSID pSid = *Sid = (PSID) LocalAlloc(0, cBytes);
2052 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
2060 /******************************************************************************
2061 * ComputeStringSidSize
2063 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
2066 DWORD size = sizeof(SID);
2070 if (*StringSid == '-')
2076 size += (ctok - 3) * sizeof(DWORD);
2081 /******************************************************************************
2082 * ParseStringSidToSid
2084 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
2090 SetLastError(ERROR_INVALID_PARAMETER);
2094 *cBytes = ComputeStringSidSize(StringSid);
2095 if (!pSid) /* Simply compute the size */
2098 if (*StringSid != 'S' || *StringSid != '-') /* S-R-I-S-S */
2101 int csubauth = ((*cBytes - sizeof(SID)) / sizeof(DWORD)) + 1;
2103 StringSid += 2; /* Advance to Revision */
2104 pSid->Revision = atoiW(StringSid);
2106 if (pSid->Revision != SDDL_REVISION)
2107 goto lend; /* ERROR_INVALID_SID */
2109 pSid->SubAuthorityCount = csubauth;
2111 while (*StringSid && *StringSid != '-')
2112 StringSid++; /* Advance to identifier authority */
2114 pSid->IdentifierAuthority.Value[5] = atoiW(StringSid);
2116 if (pSid->IdentifierAuthority.Value[5] > 5)
2117 goto lend; /* ERROR_INVALID_SID */
2121 while (*StringSid && *StringSid != '-')
2124 pSid->SubAuthority[i++] = atoiW(StringSid);
2127 if (i != pSid->SubAuthorityCount)
2128 goto lend; /* ERROR_INVALID_SID */
2132 else /* String constant format - Only available in winxp and above */
2134 pSid->Revision = SDDL_REVISION;
2135 pSid->SubAuthorityCount = 1;
2137 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
2139 /* TODO: Lookup string of well-known SIDs in table */
2140 pSid->IdentifierAuthority.Value[5] = 0;
2141 pSid->SubAuthority[0] = 0;
2148 SetLastError(ERROR_INVALID_SID);
2153 /******************************************************************************
2154 * GetNamedSecurityInfoA [ADVAPI32.@]
2156 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName,
2157 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2158 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2159 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2161 FIXME("%s %d %ld %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
2162 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2163 return ERROR_CALL_NOT_IMPLEMENTED;
2166 /******************************************************************************
2167 * GetNamedSecurityInfoW [ADVAPI32.@]
2169 DWORD WINAPI GetNamedSecurityInfoW(LPWSTR pObjectName,
2170 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo,
2171 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl,
2172 PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
2174 FIXME("%s %d %ld %p %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, SecurityInfo,
2175 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
2176 return ERROR_CALL_NOT_IMPLEMENTED;