projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[ADVAPI32] Fix crash when running advapi32:security with DPH.
[reactos.git] / dll / win32 / advapi32 / wine / security.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * WINE COPYRIGHT:
4 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net>
5 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
6 * Copyright 2006 Robert Reif
7 * Copyright 2006 Hervé Poussineau
8 *
9 * PROJECT: ReactOS system libraries
10 * FILE: dll/win32/advapi32/wine/security.c
11 */
12
13 #include <advapi32.h>
14
15 #include <sddl.h>
16
17 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
18
19 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes);
20
21 typedef struct _ACEFLAG
22 {
23 LPCWSTR wstr;
24 DWORD value;
25 } ACEFLAG, *LPACEFLAG;
26
27 typedef struct _MAX_SID
28 {
29 /* same fields as struct _SID */
30 BYTE Revision;
31 BYTE SubAuthorityCount;
32 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
33 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
34 } MAX_SID;
35
36 typedef struct WELLKNOWNSID
37 {
38 WCHAR wstr[2];
39 WELL_KNOWN_SID_TYPE Type;
40 MAX_SID Sid;
41 } WELLKNOWNSID;
42
43 static const WELLKNOWNSID WellKnownSids[] =
44 {
45 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
46 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
47 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
48 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
49 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
50 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
51 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
52 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } },
53 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
54 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
55 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
56 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
57 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
58 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
59 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
60 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
61 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
62 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
63 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
64 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
65 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
66 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
67 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
68 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
69 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
70 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
71 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
72 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
73 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
74 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
75 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
76 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
77 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
78 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
79 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
80 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
81 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
82 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } },
83 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } },
84 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
85 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
86 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
87 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
88 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
89 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
90 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
91 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
92 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } },
93 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } },
94 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
95 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
96 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
97 };
98
99 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
100 typedef struct WELLKNOWNRID
101 {
102 WCHAR wstr[2];
103 WELL_KNOWN_SID_TYPE Type;
104 DWORD Rid;
105 } WELLKNOWNRID;
106
107 static const WELLKNOWNRID WellKnownRids[] = {
108 { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
109 { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
110 { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
111 { {'D','A'}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
112 { {'D','U'}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
113 { {'D','G'}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
114 { {'D','C'}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
115 { {'D','D'}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
116 { {'C','A'}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
117 { {'S','A'}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
118 { {'E','A'}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
119 { {'P','A'}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
120 { {'R','S'}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
121 };
122
123 #ifndef __REACTOS__
124 static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
125 #endif
126
127 static const WCHAR SDDL_NO_READ_UP[] = {'N','R',0};
128 static const WCHAR SDDL_NO_WRITE_UP[] = {'N','W',0};
129 static const WCHAR SDDL_NO_EXECUTE_UP[] = {'N','X',0};
130
131 /*
132 * ACE types
133 */
134 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0};
135 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0};
136 #ifndef __REACTOS__
137 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0};
138 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0};
139 #endif
140 static const WCHAR SDDL_AUDIT[] = {'A','U',0};
141 static const WCHAR SDDL_ALARM[] = {'A','L',0};
142 static const WCHAR SDDL_MANDATORY_LABEL[] = {'M','L',0};
143 #ifndef __REACTOS__
144 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0};
145 static const WCHAR SDDL_OBJECT_ALARM[] = {'O','L',0};
146 #endif
147
148 /*
149 * SDDL ADS Rights
150 */
151 #define ADS_RIGHT_DS_CREATE_CHILD 0x0001
152 #define ADS_RIGHT_DS_DELETE_CHILD 0x0002
153 #define ADS_RIGHT_ACTRL_DS_LIST 0x0004
154 #define ADS_RIGHT_DS_SELF 0x0008
155 #define ADS_RIGHT_DS_READ_PROP 0x0010
156 #define ADS_RIGHT_DS_WRITE_PROP 0x0020
157 #define ADS_RIGHT_DS_DELETE_TREE 0x0040
158 #define ADS_RIGHT_DS_LIST_OBJECT 0x0080
159 #define ADS_RIGHT_DS_CONTROL_ACCESS 0x0100
160
161 /*
162 * ACE flags
163 */
164 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0};
165 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0};
166 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0};
167 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0};
168 static const WCHAR SDDL_INHERITED[] = {'I','D',0};
169 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
170 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
171
172 static const char * debugstr_sid(PSID sid)
173 {
174 int auth = 0;
175 SID * psid = (SID *)sid;
176
177 if (psid == NULL)
178 return "(null)";
179
180 auth = psid->IdentifierAuthority.Value[5] +
181 (psid->IdentifierAuthority.Value[4] << 8) +
182 (psid->IdentifierAuthority.Value[3] << 16) +
183 (psid->IdentifierAuthority.Value[2] << 24);
184
185 switch (psid->SubAuthorityCount) {
186 case 0:
187 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
188 case 1:
189 return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
190 psid->SubAuthority[0]);
191 case 2:
192 return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
193 psid->SubAuthority[0], psid->SubAuthority[1]);
194 case 3:
195 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
196 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
197 case 4:
198 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
199 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
200 psid->SubAuthority[3]);
201 case 5:
202 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
203 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
204 psid->SubAuthority[3], psid->SubAuthority[4]);
205 case 6:
206 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
207 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
208 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
209 case 7:
210 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
211 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
212 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
213 psid->SubAuthority[6]);
214 case 8:
215 return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
216 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
217 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
218 psid->SubAuthority[6], psid->SubAuthority[7]);
219 }
220 return "(too-big)";
221 }
222
223 /* set last error code from NT status and get the proper boolean return value */
224 /* used for functions that are a simple wrapper around the corresponding ntdll API */
225 static __inline BOOL set_ntstatus( NTSTATUS status )
226 {
227 if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
228 return NT_SUCCESS(status);
229 }
230
231 static LPWSTR SERV_dup( LPCSTR str )
232 {
233 UINT len;
234 LPWSTR wstr;
235
236 if( !str )
237 return NULL;
238 len = MultiByteToWideChar( CP_ACP, 0, str, -1, NULL, 0 );
239 wstr = heap_alloc( len*sizeof (WCHAR) );
240 MultiByteToWideChar( CP_ACP, 0, str, -1, wstr, len );
241 return wstr;
242 }
243
244 /************************************************************
245 * ADVAPI_IsLocalComputer
246 *
247 * Checks whether the server name indicates local machine.
248 */
249 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
250 {
251 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
252 BOOL Result;
253 LPWSTR buf;
254
255 if (!ServerName || !ServerName[0])
256 return TRUE;
257
258 buf = heap_alloc(dwSize * sizeof(WCHAR));
259 Result = GetComputerNameW(buf, &dwSize);
260 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
261 ServerName += 2;
262 Result = Result && !lstrcmpW(ServerName, buf);
263 heap_free(buf);
264
265 return Result;
266 }
267
268 /************************************************************
269 * ADVAPI_GetComputerSid
270 */
271 BOOL ADVAPI_GetComputerSid(PSID sid)
272 {
273 static const struct /* same fields as struct SID */
274 {
275 BYTE Revision;
276 BYTE SubAuthorityCount;
277 SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
278 DWORD SubAuthority[4];
279 } computer_sid =
280 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
281
282 memcpy( sid, &computer_sid, sizeof(computer_sid) );
283 return TRUE;
284 }
285
286 /* Exported functions */
287
288 /*
289 * @implemented
290 */
291 BOOL WINAPI
292 OpenProcessToken(HANDLE ProcessHandle,
293 DWORD DesiredAccess,
294 PHANDLE TokenHandle)
295 {
296 NTSTATUS Status;
297
298 TRACE("%p, %x, %p.\n", ProcessHandle, DesiredAccess, TokenHandle);
299
300 Status = NtOpenProcessToken(ProcessHandle,
301 DesiredAccess,
302 TokenHandle);
303 if (!NT_SUCCESS(Status))
304 {
305 ERR("NtOpenProcessToken failed! Status %08x.\n", Status);
306 SetLastError(RtlNtStatusToDosError(Status));
307 return FALSE;
308 }
309
310 TRACE("Returning token %p.\n", *TokenHandle);
311
312 return TRUE;
313 }
314
315 /******************************************************************************
316 * OpenThreadToken [ADVAPI32.@]
317 *
318 * Opens the access token associated with a thread handle.
319 *
320 * PARAMS
321 * ThreadHandle [I] Handle to process
322 * DesiredAccess [I] Desired access to the thread
323 * OpenAsSelf [I] ???
324 * TokenHandle [O] Destination for the token handle
325 *
326 * RETURNS
327 * Success: TRUE. TokenHandle contains the access token.
328 * Failure: FALSE.
329 *
330 * NOTES
331 * See NtOpenThreadToken.
332 */
333 BOOL WINAPI
334 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
335 BOOL OpenAsSelf, HANDLE *TokenHandle)
336 {
337 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
338 }
339
340 /*
341 * @implemented
342 */
343 BOOL WINAPI
344 AdjustTokenGroups(HANDLE TokenHandle,
345 BOOL ResetToDefault,
346 PTOKEN_GROUPS NewState,
347 DWORD BufferLength,
348 PTOKEN_GROUPS PreviousState,
349 PDWORD ReturnLength)
350 {
351 NTSTATUS Status;
352
353 Status = NtAdjustGroupsToken(TokenHandle,
354 ResetToDefault,
355 NewState,
356 BufferLength,
357 PreviousState,
358 (PULONG)ReturnLength);
359 if (!NT_SUCCESS(Status))
360 {
361 SetLastError(RtlNtStatusToDosError(Status));
362 return FALSE;
363 }
364
365 return TRUE;
366 }
367
368 /*
369 * @implemented
370 */
371 BOOL WINAPI
372 AdjustTokenPrivileges(HANDLE TokenHandle,
373 BOOL DisableAllPrivileges,
374 PTOKEN_PRIVILEGES NewState,
375 DWORD BufferLength,
376 PTOKEN_PRIVILEGES PreviousState,
377 PDWORD ReturnLength)
378 {
379 NTSTATUS Status;
380
381 Status = NtAdjustPrivilegesToken(TokenHandle,
382 DisableAllPrivileges,
383 NewState,
384 BufferLength,
385 PreviousState,
386 (PULONG)ReturnLength);
387 if (STATUS_NOT_ALL_ASSIGNED == Status)
388 {
389 SetLastError(ERROR_NOT_ALL_ASSIGNED);
390 return TRUE;
391 }
392
393 if (!NT_SUCCESS(Status))
394 {
395 SetLastError(RtlNtStatusToDosError(Status));
396 return FALSE;
397 }
398
399 /* AdjustTokenPrivileges is documented to do this */
400 SetLastError(ERROR_SUCCESS);
401
402 return TRUE;
403 }
404
405 /*
406 * @implemented
407 */
408 BOOL WINAPI
409 GetTokenInformation(HANDLE TokenHandle,
410 TOKEN_INFORMATION_CLASS TokenInformationClass,
411 LPVOID TokenInformation,
412 DWORD TokenInformationLength,
413 PDWORD ReturnLength)
414 {
415 NTSTATUS Status;
416
417 Status = NtQueryInformationToken(TokenHandle,
418 TokenInformationClass,
419 TokenInformation,
420 TokenInformationLength,
421 (PULONG)ReturnLength);
422 if (!NT_SUCCESS(Status))
423 {
424 SetLastError(RtlNtStatusToDosError(Status));
425 return FALSE;
426 }
427
428 return TRUE;
429 }
430
431 /*
432 * @implemented
433 */
434 BOOL WINAPI
435 SetTokenInformation(HANDLE TokenHandle,
436 TOKEN_INFORMATION_CLASS TokenInformationClass,
437 LPVOID TokenInformation,
438 DWORD TokenInformationLength)
439 {
440 NTSTATUS Status;
441
442 Status = NtSetInformationToken(TokenHandle,
443 TokenInformationClass,
444 TokenInformation,
445 TokenInformationLength);
446 if (!NT_SUCCESS(Status))
447 {
448 SetLastError(RtlNtStatusToDosError(Status));
449 return FALSE;
450 }
451
452 return TRUE;
453 }
454
455 /*
456 * @implemented
457 */
458 BOOL WINAPI
459 SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL,
460 IN HANDLE TokenHandle)
461 {
462 NTSTATUS Status;
463 HANDLE hThread;
464
465 hThread = (ThreadHandle != NULL) ? *ThreadHandle : NtCurrentThread();
466
467 Status = NtSetInformationThread(hThread,
468 ThreadImpersonationToken,
469 &TokenHandle,
470 sizeof(HANDLE));
471 if (!NT_SUCCESS(Status))
472 {
473 SetLastError(RtlNtStatusToDosError(Status));
474 return FALSE;
475 }
476
477 return TRUE;
478 }
479
480 /*************************************************************************
481 * CreateRestrictedToken [ADVAPI32.@]
482 *
483 * Create a new more restricted token from an existing token.
484 *
485 * PARAMS
486 * baseToken [I] Token to base the new restricted token on
487 * flags [I] Options
488 * nDisableSids [I] Length of disableSids array
489 * disableSids [I] Array of SIDs to disable in the new token
490 * nDeletePrivs [I] Length of deletePrivs array
491 * deletePrivs [I] Array of privileges to delete in the new token
492 * nRestrictSids [I] Length of restrictSids array
493 * restrictSids [I] Array of SIDs to restrict in the new token
494 * newToken [O] Address where the new token is stored
495 *
496 * RETURNS
497 * Success: TRUE
498 * Failure: FALSE
499 */
500 BOOL WINAPI CreateRestrictedToken(
501 HANDLE baseToken,
502 DWORD flags,
503 DWORD nDisableSids,
504 PSID_AND_ATTRIBUTES disableSids,
505 DWORD nDeletePrivs,
506 PLUID_AND_ATTRIBUTES deletePrivs,
507 DWORD nRestrictSids,
508 PSID_AND_ATTRIBUTES restrictSids,
509 PHANDLE newToken)
510 {
511 TOKEN_TYPE type;
512 SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
513 DWORD size;
514
515 FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
516 baseToken, flags, nDisableSids, disableSids,
517 nDeletePrivs, deletePrivs,
518 nRestrictSids, restrictSids,
519 newToken);
520
521 size = sizeof(type);
522 if (!GetTokenInformation( baseToken, TokenType, &type, size, &size )) return FALSE;
523 if (type == TokenImpersonation)
524 {
525 size = sizeof(level);
526 if (!GetTokenInformation( baseToken, TokenImpersonationLevel, &level, size, &size ))
527 return FALSE;
528 }
529 return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken );
530 }
531
532 /******************************************************************************
533 * AllocateAndInitializeSid [ADVAPI32.@]
534 *
535 * PARAMS
536 * pIdentifierAuthority []
537 * nSubAuthorityCount []
538 * nSubAuthority0 []
539 * nSubAuthority1 []
540 * nSubAuthority2 []
541 * nSubAuthority3 []
542 * nSubAuthority4 []
543 * nSubAuthority5 []
544 * nSubAuthority6 []
545 * nSubAuthority7 []
546 * pSid []
547 */
548 BOOL WINAPI
549 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
550 BYTE nSubAuthorityCount,
551 DWORD nSubAuthority0, DWORD nSubAuthority1,
552 DWORD nSubAuthority2, DWORD nSubAuthority3,
553 DWORD nSubAuthority4, DWORD nSubAuthority5,
554 DWORD nSubAuthority6, DWORD nSubAuthority7,
555 PSID *pSid )
556 {
557 return set_ntstatus( RtlAllocateAndInitializeSid(
558 pIdentifierAuthority, nSubAuthorityCount,
559 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
560 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
561 pSid ));
562 }
563
564 /*
565 * @implemented
566 *
567 * RETURNS
568 * Docs says this function does NOT return a value
569 * even thou it's defined to return a PVOID...
570 */
571 PVOID
572 WINAPI
573 FreeSid(PSID pSid)
574 {
575 return RtlFreeSid(pSid);
576 }
577
578 /******************************************************************************
579 * CopySid [ADVAPI32.@]
580 *
581 * PARAMS
582 * nDestinationSidLength []
583 * pDestinationSid []
584 * pSourceSid []
585 */
586 BOOL WINAPI
587 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
588 {
589 return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
590 }
591
592 /*
593 * @unimplemented
594 */
595 BOOL
596 WINAPI
597 CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType,
598 IN PSID DomainSid OPTIONAL,
599 OUT PSID pSid,
600 IN OUT DWORD* cbSid)
601 {
602 unsigned int i;
603 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
604
605 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid)))
606 {
607 SetLastError(ERROR_INVALID_PARAMETER);
608 return FALSE;
609 }
610
611 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
612 if (WellKnownSids[i].Type == WellKnownSidType) {
613 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
614
615 if (*cbSid < length)
616 {
617 *cbSid = length;
618 SetLastError(ERROR_INSUFFICIENT_BUFFER);
619 return FALSE;
620 }
621 if (!pSid)
622 {
623 SetLastError(ERROR_INVALID_PARAMETER);
624 return FALSE;
625 }
626 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
627 *cbSid = length;
628 return TRUE;
629 }
630 }
631
632 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
633 {
634 SetLastError(ERROR_INVALID_PARAMETER);
635 return FALSE;
636 }
637
638 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
639 if (WellKnownRids[i].Type == WellKnownSidType) {
640 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
641 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
642 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
643
644 if (*cbSid < output_sid_length)
645 {
646 *cbSid = output_sid_length;
647 SetLastError(ERROR_INSUFFICIENT_BUFFER);
648 return FALSE;
649 }
650 if (!pSid)
651 {
652 SetLastError(ERROR_INVALID_PARAMETER);
653 return FALSE;
654 }
655 CopyMemory(pSid, DomainSid, domain_sid_length);
656 (*GetSidSubAuthorityCount(pSid))++;
657 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
658 *cbSid = output_sid_length;
659 return TRUE;
660 }
661
662 SetLastError(ERROR_INVALID_PARAMETER);
663 return FALSE;
664 }
665
666 /*
667 * @unimplemented
668 */
669 BOOL
670 WINAPI
671 IsWellKnownSid(IN PSID pSid,
672 IN WELL_KNOWN_SID_TYPE WellKnownSidType)
673 {
674 unsigned int i;
675 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
676
677 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
678 {
679 if (WellKnownSids[i].Type == WellKnownSidType)
680 {
681 if (EqualSid(pSid, (PSID)(&WellKnownSids[i].Sid.Revision)))
682 return TRUE;
683 }
684 }
685
686 return FALSE;
687 }
688
689 /*
690 * @implemented
691 */
692 BOOL
693 WINAPI
694 IsValidSid(PSID pSid)
695 {
696 return (BOOL)RtlValidSid(pSid);
697 }
698
699 /*
700 * @implemented
701 */
702 BOOL
703 WINAPI
704 EqualSid(PSID pSid1,
705 PSID pSid2)
706 {
707 SetLastError(ERROR_SUCCESS);
708 return RtlEqualSid (pSid1, pSid2);
709 }
710
711 /*
712 * @implemented
713 */
714 BOOL
715 WINAPI
716 EqualPrefixSid(PSID pSid1,
717 PSID pSid2)
718 {
719 return RtlEqualPrefixSid (pSid1, pSid2);
720 }
721
722 /*
723 * @implemented
724 */
725 DWORD
726 WINAPI
727 GetSidLengthRequired(UCHAR nSubAuthorityCount)
728 {
729 return (DWORD)RtlLengthRequiredSid(nSubAuthorityCount);
730 }
731
732 /*
733 * @implemented
734 */
735 BOOL
736 WINAPI
737 InitializeSid(PSID Sid,
738 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
739 BYTE nSubAuthorityCount)
740 {
741 NTSTATUS Status;
742
743 Status = RtlInitializeSid(Sid,
744 pIdentifierAuthority,
745 nSubAuthorityCount);
746 if (!NT_SUCCESS(Status))
747 {
748 SetLastError(RtlNtStatusToDosError(Status));
749 return FALSE;
750 }
751
752 return TRUE;
753 }
754
755 /*
756 * @implemented
757 */
758 PSID_IDENTIFIER_AUTHORITY
759 WINAPI
760 GetSidIdentifierAuthority(PSID pSid)
761 {
762 SetLastError(ERROR_SUCCESS);
763 return RtlIdentifierAuthoritySid(pSid);
764 }
765
766 /*
767 * @implemented
768 */
769 PDWORD
770 WINAPI
771 GetSidSubAuthority(PSID pSid,
772 DWORD nSubAuthority)
773 {
774 SetLastError(ERROR_SUCCESS);
775 return (PDWORD)RtlSubAuthoritySid(pSid, nSubAuthority);
776 }
777
778 /*
779 * @implemented
780 */
781 PUCHAR
782 WINAPI
783 GetSidSubAuthorityCount(PSID pSid)
784 {
785 SetLastError(ERROR_SUCCESS);
786 return RtlSubAuthorityCountSid(pSid);
787 }
788
789 /*
790 * @implemented
791 */
792 DWORD
793 WINAPI
794 GetLengthSid(PSID pSid)
795 {
796 return (DWORD)RtlLengthSid(pSid);
797 }
798
799 /*
800 * @implemented
801 */
802 BOOL
803 WINAPI
804 InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,
805 DWORD dwRevision)
806 {
807 NTSTATUS Status;
808
809 Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
810 dwRevision);
811 if (!NT_SUCCESS(Status))
812 {
813 SetLastError(RtlNtStatusToDosError(Status));
814 return FALSE;
815 }
816
817 return TRUE;
818 }
819
820 /*
821 * @implemented
822 */
823 BOOL
824 WINAPI
825 MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
826 PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
827 LPDWORD lpdwAbsoluteSecurityDescriptorSize,
828 PACL pDacl,
829 LPDWORD lpdwDaclSize,
830 PACL pSacl,
831 LPDWORD lpdwSaclSize,
832 PSID pOwner,
833 LPDWORD lpdwOwnerSize,
834 PSID pPrimaryGroup,
835 LPDWORD lpdwPrimaryGroupSize)
836 {
837 NTSTATUS Status;
838
839 Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
840 pAbsoluteSecurityDescriptor,
841 lpdwAbsoluteSecurityDescriptorSize,
842 pDacl,
843 lpdwDaclSize,
844 pSacl,
845 lpdwSaclSize,
846 pOwner,
847 lpdwOwnerSize,
848 pPrimaryGroup,
849 lpdwPrimaryGroupSize);
850 if (!NT_SUCCESS(Status))
851 {
852 SetLastError(RtlNtStatusToDosError(Status));
853 return FALSE;
854 }
855
856 return TRUE;
857 }
858
859 /******************************************************************************
860 * GetKernelObjectSecurity [ADVAPI32.@]
861 */
862 BOOL WINAPI GetKernelObjectSecurity(
863 HANDLE Handle,
864 SECURITY_INFORMATION RequestedInformation,
865 PSECURITY_DESCRIPTOR pSecurityDescriptor,
866 DWORD nLength,
867 LPDWORD lpnLengthNeeded )
868 {
869 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
870 pSecurityDescriptor, nLength, lpnLengthNeeded);
871
872 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
873 nLength, lpnLengthNeeded ));
874 }
875
876 /*
877 * @implemented
878 */
879 BOOL
880 WINAPI
881 InitializeAcl(PACL pAcl,
882 DWORD nAclLength,
883 DWORD dwAclRevision)
884 {
885 NTSTATUS Status;
886
887 Status = RtlCreateAcl(pAcl,
888 nAclLength,
889 dwAclRevision);
890 if (!NT_SUCCESS(Status))
891 {
892 SetLastError(RtlNtStatusToDosError(Status));
893 return FALSE;
894 }
895
896 return TRUE;
897 }
898
899 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
900 {
901 IO_STATUS_BLOCK io_block;
902
903 TRACE("(%p)\n", hNamedPipe);
904
905 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
906 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
907 }
908
909 /*
910 * @implemented
911 */
912 BOOL
913 WINAPI
914 AddAccessAllowedAce(PACL pAcl,
915 DWORD dwAceRevision,
916 DWORD AccessMask,
917 PSID pSid)
918 {
919 NTSTATUS Status;
920
921 Status = RtlAddAccessAllowedAce(pAcl,
922 dwAceRevision,
923 AccessMask,
924 pSid);
925 if (!NT_SUCCESS(Status))
926 {
927 SetLastError(RtlNtStatusToDosError(Status));
928 return FALSE;
929 }
930
931 return TRUE;
932 }
933
934 /*
935 * @implemented
936 */
937 BOOL WINAPI
938 AddAccessAllowedAceEx(PACL pAcl,
939 DWORD dwAceRevision,
940 DWORD AceFlags,
941 DWORD AccessMask,
942 PSID pSid)
943 {
944 NTSTATUS Status;
945
946 Status = RtlAddAccessAllowedAceEx(pAcl,
947 dwAceRevision,
948 AceFlags,
949 AccessMask,
950 pSid);
951 if (!NT_SUCCESS(Status))
952 {
953 SetLastError(RtlNtStatusToDosError(Status));
954 return FALSE;
955 }
956
957 return TRUE;
958 }
959
960 /*
961 * @implemented
962 */
963 BOOL
964 WINAPI
965 AddAccessDeniedAce(PACL pAcl,
966 DWORD dwAceRevision,
967 DWORD AccessMask,
968 PSID pSid)
969 {
970 NTSTATUS Status;
971
972 Status = RtlAddAccessDeniedAce(pAcl,
973 dwAceRevision,
974 AccessMask,
975 pSid);
976 if (!NT_SUCCESS(Status))
977 {
978 SetLastError(RtlNtStatusToDosError(Status));
979 return FALSE;
980 }
981
982 return TRUE;
983 }
984
985 /*
986 * @implemented
987 */
988 BOOL WINAPI
989 AddAccessDeniedAceEx(PACL pAcl,
990 DWORD dwAceRevision,
991 DWORD AceFlags,
992 DWORD AccessMask,
993 PSID pSid)
994 {
995 NTSTATUS Status;
996
997 Status = RtlAddAccessDeniedAceEx(pAcl,
998 dwAceRevision,
999 AceFlags,
1000 AccessMask,
1001 pSid);
1002 if (!NT_SUCCESS(Status))
1003 {
1004 SetLastError(RtlNtStatusToDosError(Status));
1005 return FALSE;
1006 }
1007
1008 return TRUE;
1009 }
1010
1011 /*
1012 * @implemented
1013 */
1014 BOOL
1015 WINAPI
1016 AddAce(PACL pAcl,
1017 DWORD dwAceRevision,
1018 DWORD dwStartingAceIndex,
1019 LPVOID pAceList,
1020 DWORD nAceListLength)
1021 {
1022 NTSTATUS Status;
1023
1024 Status = RtlAddAce(pAcl,
1025 dwAceRevision,
1026 dwStartingAceIndex,
1027 pAceList,
1028 nAceListLength);
1029 if (!NT_SUCCESS(Status))
1030 {
1031 SetLastError(RtlNtStatusToDosError(Status));
1032 return FALSE;
1033 }
1034
1035 return TRUE;
1036 }
1037
1038 /******************************************************************************
1039 * DeleteAce [ADVAPI32.@]
1040 */
1041 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
1042 {
1043 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
1044 }
1045
1046 /*
1047 * @implemented
1048 */
1049 BOOL
1050 WINAPI
1051 FindFirstFreeAce(PACL pAcl,
1052 LPVOID *pAce)
1053 {
1054 return RtlFirstFreeAce(pAcl,
1055 (PACE*)pAce);
1056 }
1057
1058 /******************************************************************************
1059 * GetAce [ADVAPI32.@]
1060 */
1061 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
1062 {
1063 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
1064 }
1065
1066 /******************************************************************************
1067 * GetAclInformation [ADVAPI32.@]
1068 */
1069 BOOL WINAPI GetAclInformation(
1070 PACL pAcl,
1071 LPVOID pAclInformation,
1072 DWORD nAclInformationLength,
1073 ACL_INFORMATION_CLASS dwAclInformationClass)
1074 {
1075 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation,
1076 nAclInformationLength, dwAclInformationClass));
1077 }
1078
1079 /*
1080 * @implemented
1081 */
1082 BOOL
1083 WINAPI
1084 IsValidAcl(PACL pAcl)
1085 {
1086 return RtlValidAcl (pAcl);
1087 }
1088
1089 /*
1090 * @implemented
1091 */
1092 BOOL WINAPI
1093 AllocateLocallyUniqueId(PLUID Luid)
1094 {
1095 NTSTATUS Status;
1096
1097 Status = NtAllocateLocallyUniqueId (Luid);
1098 if (!NT_SUCCESS (Status))
1099 {
1100 SetLastError(RtlNtStatusToDosError(Status));
1101 return FALSE;
1102 }
1103
1104 return TRUE;
1105 }
1106
1107 /**********************************************************************
1108 * LookupPrivilegeDisplayNameA EXPORTED
1109 *
1110 * @unimplemented
1111 */
1112 BOOL
1113 WINAPI
1114 LookupPrivilegeDisplayNameA(LPCSTR lpSystemName,
1115 LPCSTR lpName,
1116 LPSTR lpDisplayName,
1117 LPDWORD cchDisplayName,
1118 LPDWORD lpLanguageId)
1119 {
1120 UNICODE_STRING lpSystemNameW;
1121 UNICODE_STRING lpNameW;
1122 BOOL ret;
1123 DWORD wLen = 0;
1124
1125 TRACE("%s %s %p %p %p\n", debugstr_a(lpSystemName), debugstr_a(lpName), lpName, cchDisplayName, lpLanguageId);
1126
1127 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1128 RtlCreateUnicodeStringFromAsciiz(&lpNameW, lpName);
1129 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, NULL, &wLen, lpLanguageId);
1130 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1131 {
1132 LPWSTR lpDisplayNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1133
1134 ret = LookupPrivilegeDisplayNameW(lpSystemNameW.Buffer, lpNameW.Buffer, lpDisplayNameW,
1135 &wLen, lpLanguageId);
1136 if (ret)
1137 {
1138 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpDisplayNameW, -1, lpDisplayName,
1139 *cchDisplayName, NULL, NULL);
1140
1141 if (len == 0)
1142 {
1143 /* WideCharToMultiByte failed */
1144 ret = FALSE;
1145 }
1146 else if (len > *cchDisplayName)
1147 {
1148 *cchDisplayName = len;
1149 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1150 ret = FALSE;
1151 }
1152 else
1153 {
1154 /* WideCharToMultiByte succeeded, output length needs to be
1155 * length not including NULL terminator
1156 */
1157 *cchDisplayName = len - 1;
1158 }
1159 }
1160 HeapFree(GetProcessHeap(), 0, lpDisplayNameW);
1161 }
1162 RtlFreeUnicodeString(&lpSystemNameW);
1163 RtlFreeUnicodeString(&lpNameW);
1164 return ret;
1165 }
1166
1167 /**********************************************************************
1168 * LookupPrivilegeNameA EXPORTED
1169 *
1170 * @implemented
1171 */
1172 BOOL
1173 WINAPI
1174 LookupPrivilegeNameA(LPCSTR lpSystemName,
1175 PLUID lpLuid,
1176 LPSTR lpName,
1177 LPDWORD cchName)
1178 {
1179 UNICODE_STRING lpSystemNameW;
1180 BOOL ret;
1181 DWORD wLen = 0;
1182
1183 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
1184
1185 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
1186 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
1187 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1188 {
1189 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
1190
1191 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
1192 &wLen);
1193 if (ret)
1194 {
1195 /* Windows crashes if cchName is NULL, so will I */
1196 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
1197 *cchName, NULL, NULL);
1198
1199 if (len == 0)
1200 {
1201 /* WideCharToMultiByte failed */
1202 ret = FALSE;
1203 }
1204 else if (len > *cchName)
1205 {
1206 *cchName = len;
1207 SetLastError(ERROR_INSUFFICIENT_BUFFER);
1208 ret = FALSE;
1209 }
1210 else
1211 {
1212 /* WideCharToMultiByte succeeded, output length needs to be
1213 * length not including NULL terminator
1214 */
1215 *cchName = len - 1;
1216 }
1217 }
1218 HeapFree(GetProcessHeap(), 0, lpNameW);
1219 }
1220 RtlFreeUnicodeString(&lpSystemNameW);
1221 return ret;
1222 }
1223
1224 /******************************************************************************
1225 * GetFileSecurityA [ADVAPI32.@]
1226 *
1227 * Obtains Specified information about the security of a file or directory.
1228 *
1229 * PARAMS
1230 * lpFileName [I] Name of the file to get info for
1231 * RequestedInformation [I] SE_ flags from "winnt.h"
1232 * pSecurityDescriptor [O] Destination for security information
1233 * nLength [I] Length of pSecurityDescriptor
1234 * lpnLengthNeeded [O] Destination for length of returned security information
1235 *
1236 * RETURNS
1237 * Success: TRUE. pSecurityDescriptor contains the requested information.
1238 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
1239 *
1240 * NOTES
1241 * The information returned is constrained by the callers access rights and
1242 * privileges.
1243 *
1244 * @implemented
1245 */
1246 BOOL
1247 WINAPI
1248 GetFileSecurityA(LPCSTR lpFileName,
1249 SECURITY_INFORMATION RequestedInformation,
1250 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1251 DWORD nLength,
1252 LPDWORD lpnLengthNeeded)
1253 {
1254 UNICODE_STRING FileName;
1255 BOOL bResult;
1256
1257 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1258 {
1259 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1260 return FALSE;
1261 }
1262
1263 bResult = GetFileSecurityW(FileName.Buffer,
1264 RequestedInformation,
1265 pSecurityDescriptor,
1266 nLength,
1267 lpnLengthNeeded);
1268
1269 RtlFreeUnicodeString(&FileName);
1270
1271 return bResult;
1272 }
1273
1274 /*
1275 * @implemented
1276 */
1277 BOOL
1278 WINAPI
1279 GetFileSecurityW(LPCWSTR lpFileName,
1280 SECURITY_INFORMATION RequestedInformation,
1281 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1282 DWORD nLength,
1283 LPDWORD lpnLengthNeeded)
1284 {
1285 OBJECT_ATTRIBUTES ObjectAttributes;
1286 IO_STATUS_BLOCK StatusBlock;
1287 UNICODE_STRING FileName;
1288 ULONG AccessMask = 0;
1289 HANDLE FileHandle;
1290 NTSTATUS Status;
1291
1292 TRACE("GetFileSecurityW() called\n");
1293
1294 QuerySecurityAccessMask(RequestedInformation, &AccessMask);
1295
1296 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1297 &FileName,
1298 NULL,
1299 NULL))
1300 {
1301 ERR("Invalid path\n");
1302 SetLastError(ERROR_INVALID_NAME);
1303 return FALSE;
1304 }
1305
1306 InitializeObjectAttributes(&ObjectAttributes,
1307 &FileName,
1308 OBJ_CASE_INSENSITIVE,
1309 NULL,
1310 NULL);
1311
1312 Status = NtOpenFile(&FileHandle,
1313 AccessMask,
1314 &ObjectAttributes,
1315 &StatusBlock,
1316 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1317 0);
1318
1319 RtlFreeHeap(RtlGetProcessHeap(),
1320 0,
1321 FileName.Buffer);
1322
1323 if (!NT_SUCCESS(Status))
1324 {
1325 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1326 SetLastError(RtlNtStatusToDosError(Status));
1327 return FALSE;
1328 }
1329
1330 Status = NtQuerySecurityObject(FileHandle,
1331 RequestedInformation,
1332 pSecurityDescriptor,
1333 nLength,
1334 lpnLengthNeeded);
1335 NtClose(FileHandle);
1336 if (!NT_SUCCESS(Status))
1337 {
1338 ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
1339 SetLastError(RtlNtStatusToDosError(Status));
1340 return FALSE;
1341 }
1342
1343 return TRUE;
1344 }
1345
1346 /******************************************************************************
1347 * SetFileSecurityA [ADVAPI32.@]
1348 * Sets the security of a file or directory
1349 *
1350 * @implemented
1351 */
1352 BOOL
1353 WINAPI
1354 SetFileSecurityA(LPCSTR lpFileName,
1355 SECURITY_INFORMATION SecurityInformation,
1356 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1357 {
1358 UNICODE_STRING FileName;
1359 BOOL bResult;
1360
1361 if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
1362 {
1363 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1364 return FALSE;
1365 }
1366
1367 bResult = SetFileSecurityW(FileName.Buffer,
1368 SecurityInformation,
1369 pSecurityDescriptor);
1370
1371 RtlFreeUnicodeString(&FileName);
1372
1373 return bResult;
1374 }
1375
1376 /******************************************************************************
1377 * SetFileSecurityW [ADVAPI32.@]
1378 * Sets the security of a file or directory
1379 *
1380 * @implemented
1381 */
1382 BOOL
1383 WINAPI
1384 SetFileSecurityW(LPCWSTR lpFileName,
1385 SECURITY_INFORMATION SecurityInformation,
1386 PSECURITY_DESCRIPTOR pSecurityDescriptor)
1387 {
1388 OBJECT_ATTRIBUTES ObjectAttributes;
1389 IO_STATUS_BLOCK StatusBlock;
1390 UNICODE_STRING FileName;
1391 ULONG AccessMask = 0;
1392 HANDLE FileHandle;
1393 NTSTATUS Status;
1394
1395 TRACE("SetFileSecurityW() called\n");
1396
1397 SetSecurityAccessMask(SecurityInformation, &AccessMask);
1398
1399 if (!RtlDosPathNameToNtPathName_U(lpFileName,
1400 &FileName,
1401 NULL,
1402 NULL))
1403 {
1404 ERR("Invalid path\n");
1405 SetLastError(ERROR_INVALID_NAME);
1406 return FALSE;
1407 }
1408
1409 InitializeObjectAttributes(&ObjectAttributes,
1410 &FileName,
1411 OBJ_CASE_INSENSITIVE,
1412 NULL,
1413 NULL);
1414
1415 Status = NtOpenFile(&FileHandle,
1416 AccessMask,
1417 &ObjectAttributes,
1418 &StatusBlock,
1419 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1420 0);
1421
1422 RtlFreeHeap(RtlGetProcessHeap(),
1423 0,
1424 FileName.Buffer);
1425
1426 if (!NT_SUCCESS(Status))
1427 {
1428 ERR("NtOpenFile() failed (Status %lx)\n", Status);
1429 SetLastError(RtlNtStatusToDosError(Status));
1430 return FALSE;
1431 }
1432
1433 Status = NtSetSecurityObject(FileHandle,
1434 SecurityInformation,
1435 pSecurityDescriptor);
1436 NtClose(FileHandle);
1437
1438 if (!NT_SUCCESS(Status))
1439 {
1440 ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
1441 SetLastError(RtlNtStatusToDosError(Status));
1442 return FALSE;
1443 }
1444
1445 return TRUE;
1446 }
1447
1448 /******************************************************************************
1449 * QueryWindows31FilesMigration [ADVAPI32.@]
1450 *
1451 * PARAMS
1452 * x1 []
1453 */
1454 BOOL WINAPI
1455 QueryWindows31FilesMigration( DWORD x1 )
1456 {
1457 FIXME("(%d):stub\n",x1);
1458 return TRUE;
1459 }
1460
1461 /******************************************************************************
1462 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
1463 *
1464 * PARAMS
1465 * x1 []
1466 * x2 []
1467 * x3 []
1468 * x4 []
1469 */
1470 BOOL WINAPI
1471 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
1472 DWORD x4 )
1473 {
1474 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
1475 return TRUE;
1476 }
1477
1478 /*
1479 * @implemented
1480 */
1481 BOOL
1482 WINAPI
1483 RevertToSelf(VOID)
1484 {
1485 NTSTATUS Status;
1486 HANDLE Token = NULL;
1487
1488 Status = NtSetInformationThread(NtCurrentThread(),
1489 ThreadImpersonationToken,
1490 &Token,
1491 sizeof(HANDLE));
1492 if (!NT_SUCCESS(Status))
1493 {
1494 SetLastError(RtlNtStatusToDosError(Status));
1495 return FALSE;
1496 }
1497
1498 return TRUE;
1499 }
1500
1501 /*
1502 * @implemented
1503 */
1504 BOOL
1505 WINAPI
1506 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
1507 {
1508 NTSTATUS Status;
1509
1510 Status = RtlImpersonateSelf(ImpersonationLevel);
1511 if (!NT_SUCCESS(Status))
1512 {
1513 SetLastError(RtlNtStatusToDosError(Status));
1514 return FALSE;
1515 }
1516
1517 return TRUE;
1518 }
1519
1520 /*
1521 * @implemented
1522 */
1523 BOOL
1524 WINAPI
1525 AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
1526 IN HANDLE ClientToken,
1527 IN DWORD DesiredAccess,
1528 IN PGENERIC_MAPPING GenericMapping,
1529 OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
1530 IN OUT LPDWORD PrivilegeSetLength,
1531 OUT LPDWORD GrantedAccess,
1532 OUT LPBOOL AccessStatus)
1533 {
1534 NTSTATUS Status;
1535 NTSTATUS NtAccessStatus;
1536
1537 /* Do the access check */
1538 Status = NtAccessCheck(pSecurityDescriptor,
1539 ClientToken,
1540 DesiredAccess,
1541 GenericMapping,
1542 PrivilegeSet,
1543 (PULONG)PrivilegeSetLength,
1544 (PACCESS_MASK)GrantedAccess,
1545 &NtAccessStatus);
1546
1547 /* See if the access check operation succeeded */
1548 if (!NT_SUCCESS(Status))
1549 {
1550 /* Check failed */
1551 SetLastError(RtlNtStatusToDosError(Status));
1552 return FALSE;
1553 }
1554
1555 /* Now check the access status */
1556 if (!NT_SUCCESS(NtAccessStatus))
1557 {
1558 /* Access denied */
1559 SetLastError(RtlNtStatusToDosError(NtAccessStatus));
1560 *AccessStatus = FALSE;
1561 }
1562 else
1563 {
1564 /* Access granted */
1565 *AccessStatus = TRUE;
1566 }
1567
1568 /* Check succeeded */
1569 return TRUE;
1570 }
1571
1572 /*
1573 * @unimplemented
1574 */
1575 BOOL WINAPI AccessCheckByType(
1576 PSECURITY_DESCRIPTOR pSecurityDescriptor,
1577 PSID PrincipalSelfSid,
1578 HANDLE ClientToken,
1579 DWORD DesiredAccess,
1580 POBJECT_TYPE_LIST ObjectTypeList,
1581 DWORD ObjectTypeListLength,
1582 PGENERIC_MAPPING GenericMapping,
1583 PPRIVILEGE_SET PrivilegeSet,
1584 LPDWORD PrivilegeSetLength,
1585 LPDWORD GrantedAccess,
1586 LPBOOL AccessStatus)
1587 {
1588 FIXME("stub\n");
1589
1590 *AccessStatus = TRUE;
1591
1592 return !*AccessStatus;
1593 }
1594
1595 /*
1596 * @implemented
1597 */
1598 BOOL
1599 WINAPI
1600 SetKernelObjectSecurity(HANDLE Handle,
1601 SECURITY_INFORMATION SecurityInformation,
1602 PSECURITY_DESCRIPTOR SecurityDescriptor)
1603 {
1604 NTSTATUS Status;
1605
1606 Status = NtSetSecurityObject(Handle,
1607 SecurityInformation,
1608 SecurityDescriptor);
1609 if (!NT_SUCCESS(Status))
1610 {
1611 SetLastError(RtlNtStatusToDosError(Status));
1612 return FALSE;
1613 }
1614
1615 return TRUE;
1616 }
1617
1618 /*
1619 * @implemented
1620 */
1621 BOOL
1622 WINAPI
1623 AddAuditAccessAce(PACL pAcl,
1624 DWORD dwAceRevision,
1625 DWORD dwAccessMask,
1626 PSID pSid,
1627 BOOL bAuditSuccess,
1628 BOOL bAuditFailure)
1629 {
1630 NTSTATUS Status;
1631
1632 Status = RtlAddAuditAccessAce(pAcl,
1633 dwAceRevision,
1634 dwAccessMask,
1635 pSid,
1636 bAuditSuccess,
1637 bAuditFailure);
1638 if (!NT_SUCCESS(Status))
1639 {
1640 SetLastError(RtlNtStatusToDosError(Status));
1641 return FALSE;
1642 }
1643
1644 return TRUE;
1645 }
1646
1647 /*
1648 * @implemented
1649 */
1650 BOOL WINAPI
1651 AddAuditAccessAceEx(PACL pAcl,
1652 DWORD dwAceRevision,
1653 DWORD AceFlags,
1654 DWORD dwAccessMask,
1655 PSID pSid,
1656 BOOL bAuditSuccess,
1657 BOOL bAuditFailure)
1658 {
1659 NTSTATUS Status;
1660
1661 Status = RtlAddAuditAccessAceEx(pAcl,
1662 dwAceRevision,
1663 AceFlags,
1664 dwAccessMask,
1665 pSid,
1666 bAuditSuccess,
1667 bAuditFailure);
1668 if (!NT_SUCCESS(Status))
1669 {
1670 SetLastError(RtlNtStatusToDosError(Status));
1671 return FALSE;
1672 }
1673
1674 return TRUE;
1675 }
1676
1677 /******************************************************************************
1678 * LookupAccountNameA [ADVAPI32.@]
1679 *
1680 * @implemented
1681 */
1682 BOOL
1683 WINAPI
1684 LookupAccountNameA(LPCSTR SystemName,
1685 LPCSTR AccountName,
1686 PSID Sid,
1687 LPDWORD SidLength,
1688 LPSTR ReferencedDomainName,
1689 LPDWORD hReferencedDomainNameLength,
1690 PSID_NAME_USE SidNameUse)
1691 {
1692 BOOL ret;
1693 UNICODE_STRING lpSystemW;
1694 UNICODE_STRING lpAccountW;
1695 LPWSTR lpReferencedDomainNameW = NULL;
1696
1697 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
1698 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
1699
1700 if (ReferencedDomainName)
1701 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
1702 0,
1703 *hReferencedDomainNameLength * sizeof(WCHAR));
1704
1705 ret = LookupAccountNameW(lpSystemW.Buffer,
1706 lpAccountW.Buffer,
1707 Sid,
1708 SidLength,
1709 lpReferencedDomainNameW,
1710 hReferencedDomainNameLength,
1711 SidNameUse);
1712
1713 if (ret && lpReferencedDomainNameW)
1714 {
1715 WideCharToMultiByte(CP_ACP,
1716 0,
1717 lpReferencedDomainNameW,
1718 *hReferencedDomainNameLength + 1,
1719 ReferencedDomainName,
1720 *hReferencedDomainNameLength + 1,
1721 NULL,
1722 NULL);
1723 }
1724
1725 RtlFreeUnicodeString(&lpSystemW);
1726 RtlFreeUnicodeString(&lpAccountW);
1727 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
1728
1729 return ret;
1730 }
1731
1732 /**********************************************************************
1733 * PrivilegeCheck EXPORTED
1734 *
1735 * @implemented
1736 */
1737 BOOL WINAPI
1738 PrivilegeCheck(HANDLE ClientToken,
1739 PPRIVILEGE_SET RequiredPrivileges,
1740 LPBOOL pfResult)
1741 {
1742 BOOLEAN Result;
1743 NTSTATUS Status;
1744
1745 Status = NtPrivilegeCheck(ClientToken,
1746 RequiredPrivileges,
1747 &Result);
1748 if (!NT_SUCCESS(Status))
1749 {
1750 SetLastError(RtlNtStatusToDosError(Status));
1751 return FALSE;
1752 }
1753
1754 *pfResult = (BOOL)Result;
1755
1756 return TRUE;
1757 }
1758
1759 /******************************************************************************
1760 * GetSecurityInfoExW EXPORTED
1761 */
1762 DWORD
1763 WINAPI
1764 GetSecurityInfoExA(HANDLE hObject,
1765 SE_OBJECT_TYPE ObjectType,
1766 SECURITY_INFORMATION SecurityInfo,
1767 LPCSTR lpProvider,
1768 LPCSTR lpProperty,
1769 PACTRL_ACCESSA *ppAccessList,
1770 PACTRL_AUDITA *ppAuditList,
1771 LPSTR *lppOwner,
1772 LPSTR *lppGroup)
1773 {
1774 FIXME("%s() not implemented!\n", __FUNCTION__);
1775 return ERROR_BAD_PROVIDER;
1776 }
1777
1778
1779 /******************************************************************************
1780 * GetSecurityInfoExW EXPORTED
1781 */
1782 DWORD
1783 WINAPI
1784 GetSecurityInfoExW(HANDLE hObject,
1785 SE_OBJECT_TYPE ObjectType,
1786 SECURITY_INFORMATION SecurityInfo,
1787 LPCWSTR lpProvider,
1788 LPCWSTR lpProperty,
1789 PACTRL_ACCESSW *ppAccessList,
1790 PACTRL_AUDITW *ppAuditList,
1791 LPWSTR *lppOwner,
1792 LPWSTR *lppGroup)
1793 {
1794 FIXME("%s() not implemented!\n", __FUNCTION__);
1795 return ERROR_BAD_PROVIDER;
1796 }
1797
1798 /******************************************************************************
1799 * BuildExplicitAccessWithNameA [ADVAPI32.@]
1800 */
1801 VOID WINAPI
1802 BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess,
1803 LPSTR pTrusteeName,
1804 DWORD AccessPermissions,
1805 ACCESS_MODE AccessMode,
1806 DWORD Inheritance)
1807 {
1808 pExplicitAccess->grfAccessPermissions = AccessPermissions;
1809 pExplicitAccess->grfAccessMode = AccessMode;
1810 pExplicitAccess->grfInheritance = Inheritance;
1811
1812 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1813 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1814 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1815 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1816 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1817 }
1818
1819
1820 /******************************************************************************
1821 * BuildExplicitAccessWithNameW [ADVAPI32.@]
1822 */
1823 VOID WINAPI
1824 BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess,
1825 LPWSTR pTrusteeName,
1826 DWORD AccessPermissions,
1827 ACCESS_MODE AccessMode,
1828 DWORD Inheritance)
1829 {
1830 pExplicitAccess->grfAccessPermissions = AccessPermissions;
1831 pExplicitAccess->grfAccessMode = AccessMode;
1832 pExplicitAccess->grfInheritance = Inheritance;
1833
1834 pExplicitAccess->Trustee.pMultipleTrustee = NULL;
1835 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1836 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
1837 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
1838 pExplicitAccess->Trustee.ptstrName = pTrusteeName;
1839 }
1840
1841 /******************************************************************************
1842 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
1843 */
1844 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
1845 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
1846 LPSTR InheritedObjectTypeName, LPSTR Name )
1847 {
1848 DWORD ObjectsPresent = 0;
1849
1850 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1851 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
1852
1853 /* Fill the OBJECTS_AND_NAME structure */
1854 pObjName->ObjectType = ObjectType;
1855 if (ObjectTypeName != NULL)
1856 {
1857 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1858 }
1859
1860 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
1861 if (InheritedObjectTypeName != NULL)
1862 {
1863 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1864 }
1865
1866 pObjName->ObjectsPresent = ObjectsPresent;
1867 pObjName->ptstrName = Name;
1868
1869 /* Fill the TRUSTEE structure */
1870 pTrustee->pMultipleTrustee = NULL;
1871 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1872 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
1873 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1874 pTrustee->ptstrName = (LPSTR)pObjName;
1875 }
1876
1877 /******************************************************************************
1878 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
1879 */
1880 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
1881 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
1882 LPWSTR InheritedObjectTypeName, LPWSTR Name )
1883 {
1884 DWORD ObjectsPresent = 0;
1885
1886 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
1887 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
1888
1889 /* Fill the OBJECTS_AND_NAME structure */
1890 pObjName->ObjectType = ObjectType;
1891 if (ObjectTypeName != NULL)
1892 {
1893 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1894 }
1895
1896 pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
1897 if (InheritedObjectTypeName != NULL)
1898 {
1899 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1900 }
1901
1902 pObjName->ObjectsPresent = ObjectsPresent;
1903 pObjName->ptstrName = Name;
1904
1905 /* Fill the TRUSTEE structure */
1906 pTrustee->pMultipleTrustee = NULL;
1907 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1908 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
1909 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1910 pTrustee->ptstrName = (LPWSTR)pObjName;
1911 }
1912
1913 /******************************************************************************
1914 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
1915 */
1916 VOID WINAPI
1917 BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee,
1918 POBJECTS_AND_SID pObjSid,
1919 GUID *pObjectGuid,
1920 GUID *pInheritedObjectGuid,
1921 PSID pSid)
1922 {
1923 DWORD ObjectsPresent = 0;
1924
1925 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
1926
1927 /* Fill the OBJECTS_AND_SID structure */
1928 if (pObjectGuid != NULL)
1929 {
1930 pObjSid->ObjectTypeGuid = *pObjectGuid;
1931 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1932 }
1933 else
1934 {
1935 ZeroMemory(&pObjSid->ObjectTypeGuid,
1936 sizeof(GUID));
1937 }
1938
1939 if (pInheritedObjectGuid != NULL)
1940 {
1941 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
1942 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1943 }
1944 else
1945 {
1946 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
1947 sizeof(GUID));
1948 }
1949
1950 pObjSid->ObjectsPresent = ObjectsPresent;
1951 pObjSid->pSid = pSid;
1952
1953 /* Fill the TRUSTEE structure */
1954 pTrustee->pMultipleTrustee = NULL;
1955 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
1956 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
1957 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
1958 pTrustee->ptstrName = (LPSTR) pObjSid;
1959 }
1960
1961
1962 /******************************************************************************
1963 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
1964 */
1965 VOID WINAPI
1966 BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee,
1967 POBJECTS_AND_SID pObjSid,
1968 GUID *pObjectGuid,
1969 GUID *pInheritedObjectGuid,
1970 PSID pSid)
1971 {
1972 DWORD ObjectsPresent = 0;
1973
1974 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
1975
1976 /* Fill the OBJECTS_AND_SID structure */
1977 if (pObjectGuid != NULL)
1978 {
1979 pObjSid->ObjectTypeGuid = *pObjectGuid;
1980 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
1981 }
1982 else
1983 {
1984 ZeroMemory(&pObjSid->ObjectTypeGuid,
1985 sizeof(GUID));
1986 }
1987
1988 if (pInheritedObjectGuid != NULL)
1989 {
1990 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
1991 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
1992 }
1993 else
1994 {
1995 ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
1996 sizeof(GUID));
1997 }
1998
1999 pObjSid->ObjectsPresent = ObjectsPresent;
2000 pObjSid->pSid = pSid;
2001
2002 /* Fill the TRUSTEE structure */
2003 pTrustee->pMultipleTrustee = NULL;
2004 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2005 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
2006 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2007 pTrustee->ptstrName = (LPWSTR) pObjSid;
2008 }
2009
2010 /******************************************************************************
2011 * BuildTrusteeWithSidA [ADVAPI32.@]
2012 */
2013 VOID WINAPI
2014 BuildTrusteeWithSidA(PTRUSTEE_A pTrustee,
2015 PSID pSid)
2016 {
2017 TRACE("%p %p\n", pTrustee, pSid);
2018
2019 pTrustee->pMultipleTrustee = NULL;
2020 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2021 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2022 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2023 pTrustee->ptstrName = (LPSTR) pSid;
2024 }
2025
2026
2027 /******************************************************************************
2028 * BuildTrusteeWithSidW [ADVAPI32.@]
2029 */
2030 VOID WINAPI
2031 BuildTrusteeWithSidW(PTRUSTEE_W pTrustee,
2032 PSID pSid)
2033 {
2034 TRACE("%p %p\n", pTrustee, pSid);
2035
2036 pTrustee->pMultipleTrustee = NULL;
2037 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2038 pTrustee->TrusteeForm = TRUSTEE_IS_SID;
2039 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2040 pTrustee->ptstrName = (LPWSTR) pSid;
2041 }
2042
2043 /******************************************************************************
2044 * BuildTrusteeWithNameA [ADVAPI32.@]
2045 */
2046 VOID WINAPI
2047 BuildTrusteeWithNameA(PTRUSTEE_A pTrustee,
2048 LPSTR name)
2049 {
2050 TRACE("%p %s\n", pTrustee, name);
2051
2052 pTrustee->pMultipleTrustee = NULL;
2053 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2054 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2055 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2056 pTrustee->ptstrName = name;
2057 }
2058
2059 /******************************************************************************
2060 * BuildTrusteeWithNameW [ADVAPI32.@]
2061 */
2062 VOID WINAPI
2063 BuildTrusteeWithNameW(PTRUSTEE_W pTrustee,
2064 LPWSTR name)
2065 {
2066 TRACE("%p %s\n", pTrustee, name);
2067
2068 pTrustee->pMultipleTrustee = NULL;
2069 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
2070 pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
2071 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
2072 pTrustee->ptstrName = name;
2073 }
2074
2075 /******************************************************************************
2076 * GetTrusteeFormA [ADVAPI32.@]
2077 */
2078 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee)
2079 {
2080 TRACE("(%p)\n", pTrustee);
2081
2082 if (!pTrustee)
2083 return TRUSTEE_BAD_FORM;
2084
2085 return pTrustee->TrusteeForm;
2086 }
2087
2088 /******************************************************************************
2089 * GetTrusteeFormW [ADVAPI32.@]
2090 */
2091 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee)
2092 {
2093 TRACE("(%p)\n", pTrustee);
2094
2095 if (!pTrustee)
2096 return TRUSTEE_BAD_FORM;
2097
2098 return pTrustee->TrusteeForm;
2099 }
2100
2101 /******************************************************************************
2102 * GetTrusteeNameA [ADVAPI32.@]
2103 */
2104 LPSTR WINAPI
2105 GetTrusteeNameA(PTRUSTEE_A pTrustee)
2106 {
2107 return pTrustee->ptstrName;
2108 }
2109
2110
2111 /******************************************************************************
2112 * GetTrusteeNameW [ADVAPI32.@]
2113 */
2114 LPWSTR WINAPI
2115 GetTrusteeNameW(PTRUSTEE_W pTrustee)
2116 {
2117 return pTrustee->ptstrName;
2118 }
2119
2120 /******************************************************************************
2121 * GetTrusteeTypeA [ADVAPI32.@]
2122 */
2123 TRUSTEE_TYPE WINAPI
2124 GetTrusteeTypeA(PTRUSTEE_A pTrustee)
2125 {
2126 return pTrustee->TrusteeType;
2127 }
2128
2129 /******************************************************************************
2130 * GetTrusteeTypeW [ADVAPI32.@]
2131 */
2132 TRUSTEE_TYPE WINAPI
2133 GetTrusteeTypeW(PTRUSTEE_W pTrustee)
2134 {
2135 return pTrustee->TrusteeType;
2136 }
2137
2138 /*
2139 * @implemented
2140 */
2141 BOOL
2142 WINAPI
2143 SetAclInformation(PACL pAcl,
2144 LPVOID pAclInformation,
2145 DWORD nAclInformationLength,
2146 ACL_INFORMATION_CLASS dwAclInformationClass)
2147 {
2148 NTSTATUS Status;
2149
2150 Status = RtlSetInformationAcl(pAcl,
2151 pAclInformation,
2152 nAclInformationLength,
2153 dwAclInformationClass);
2154 if (!NT_SUCCESS(Status))
2155 {
2156 SetLastError(RtlNtStatusToDosError(Status));
2157 return FALSE;
2158 }
2159
2160 return TRUE;
2161 }
2162
2163 /**********************************************************************
2164 * SetNamedSecurityInfoA EXPORTED
2165 *
2166 * @implemented
2167 */
2168 DWORD
2169 WINAPI
2170 SetNamedSecurityInfoA(LPSTR pObjectName,
2171 SE_OBJECT_TYPE ObjectType,
2172 SECURITY_INFORMATION SecurityInfo,
2173 PSID psidOwner,
2174 PSID psidGroup,
2175 PACL pDacl,
2176 PACL pSacl)
2177 {
2178 UNICODE_STRING ObjectName;
2179 DWORD Ret;
2180
2181 if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
2182 {
2183 return ERROR_NOT_ENOUGH_MEMORY;
2184 }
2185
2186 Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
2187 ObjectType,
2188 SecurityInfo,
2189 psidOwner,
2190 psidGroup,
2191 pDacl,
2192 pSacl);
2193
2194 RtlFreeUnicodeString(&ObjectName);
2195
2196 return Ret;
2197 }
2198
2199 /*
2200 * @implemented
2201 */
2202 BOOL
2203 WINAPI
2204 AreAllAccessesGranted(DWORD GrantedAccess,
2205 DWORD DesiredAccess)
2206 {
2207 return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
2208 DesiredAccess);
2209 }
2210
2211 /*
2212 * @implemented
2213 */
2214 BOOL
2215 WINAPI
2216 AreAnyAccessesGranted(DWORD GrantedAccess,
2217 DWORD DesiredAccess)
2218 {
2219 return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
2220 DesiredAccess);
2221 }
2222
2223 /******************************************************************************
2224 * ParseAclStringFlags
2225 */
2226 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl)
2227 {
2228 DWORD flags = 0;
2229 LPCWSTR szAcl = *StringAcl;
2230
2231 while (*szAcl && *szAcl != '(')
2232 {
2233 if (*szAcl == 'P')
2234 {
2235 flags |= SE_DACL_PROTECTED;
2236 }
2237 else if (*szAcl == 'A')
2238 {
2239 szAcl++;
2240 if (*szAcl == 'R')
2241 flags |= SE_DACL_AUTO_INHERIT_REQ;
2242 else if (*szAcl == 'I')
2243 flags |= SE_DACL_AUTO_INHERITED;
2244 }
2245 szAcl++;
2246 }
2247
2248 *StringAcl = szAcl;
2249 return flags;
2250 }
2251
2252 /******************************************************************************
2253 * ParseAceStringType
2254 */
2255 static const ACEFLAG AceType[] =
2256 {
2257 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE },
2258 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE },
2259 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE },
2260 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE },
2261 { SDDL_MANDATORY_LABEL,SYSTEM_MANDATORY_LABEL_ACE_TYPE },
2262 /*
2263 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE },
2264 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE },
2265 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE },
2266 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE },
2267 */
2268 { NULL, 0 },
2269 };
2270
2271 static BYTE ParseAceStringType(LPCWSTR* StringAcl)
2272 {
2273 UINT len = 0;
2274 LPCWSTR szAcl = *StringAcl;
2275 const ACEFLAG *lpaf = AceType;
2276
2277 while (*szAcl == ' ')
2278 szAcl++;
2279
2280 while (lpaf->wstr &&
2281 (len = strlenW(lpaf->wstr)) &&
2282 strncmpW(lpaf->wstr, szAcl, len))
2283 lpaf++;
2284
2285 if (!lpaf->wstr)
2286 return 0;
2287
2288 *StringAcl = szAcl + len;
2289 return lpaf->value;
2290 }
2291
2292
2293 /******************************************************************************
2294 * ParseAceStringFlags
2295 */
2296 static const ACEFLAG AceFlags[] =
2297 {
2298 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE },
2299 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG },
2300 { SDDL_INHERITED, INHERITED_ACE },
2301 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE },
2302 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE },
2303 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE },
2304 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG },
2305 { NULL, 0 },
2306 };
2307
2308 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl)
2309 {
2310 UINT len = 0;
2311 BYTE flags = 0;
2312 LPCWSTR szAcl = *StringAcl;
2313
2314 while (*szAcl == ' ')
2315 szAcl++;
2316
2317 while (*szAcl != ';')
2318 {
2319 const ACEFLAG *lpaf = AceFlags;
2320
2321 while (lpaf->wstr &&
2322 (len = strlenW(lpaf->wstr)) &&
2323 strncmpW(lpaf->wstr, szAcl, len))
2324 lpaf++;
2325
2326 if (!lpaf->wstr)
2327 return 0;
2328
2329 flags |= lpaf->value;
2330 szAcl += len;
2331 }
2332
2333 *StringAcl = szAcl;
2334 return flags;
2335 }
2336
2337
2338 /******************************************************************************
2339 * ParseAceStringRights
2340 */
2341 static const ACEFLAG AceRights[] =
2342 {
2343 { SDDL_GENERIC_ALL, GENERIC_ALL },
2344 { SDDL_GENERIC_READ, GENERIC_READ },
2345 { SDDL_GENERIC_WRITE, GENERIC_WRITE },
2346 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
2347
2348 { SDDL_READ_CONTROL, READ_CONTROL },
2349 { SDDL_STANDARD_DELETE, DELETE },
2350 { SDDL_WRITE_DAC, WRITE_DAC },
2351 { SDDL_WRITE_OWNER, WRITE_OWNER },
2352
2353 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
2354 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
2355 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
2356 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
2357 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
2358 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
2359 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
2360 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
2361 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
2362
2363 { SDDL_FILE_ALL, FILE_ALL_ACCESS },
2364 { SDDL_FILE_READ, FILE_GENERIC_READ },
2365 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
2366 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
2367
2368 { SDDL_KEY_ALL, KEY_ALL_ACCESS },
2369 { SDDL_KEY_READ, KEY_READ },
2370 { SDDL_KEY_WRITE, KEY_WRITE },
2371 { SDDL_KEY_EXECUTE, KEY_EXECUTE },
2372
2373 { SDDL_NO_READ_UP, SYSTEM_MANDATORY_LABEL_NO_READ_UP },
2374 { SDDL_NO_WRITE_UP, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP },
2375 { SDDL_NO_EXECUTE_UP, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP },
2376 { NULL, 0 },
2377 };
2378
2379 static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
2380 {
2381 UINT len = 0;
2382 DWORD rights = 0;
2383 LPCWSTR szAcl = *StringAcl;
2384
2385 while (*szAcl == ' ')
2386 szAcl++;
2387
2388 if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
2389 {
2390 LPCWSTR p = szAcl;
2391
2392 while (*p && *p != ';')
2393 p++;
2394
2395 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
2396 {
2397 rights = strtoulW(szAcl, NULL, 16);
2398 szAcl = p;
2399 }
2400 else
2401 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
2402 }
2403 else
2404 {
2405 while (*szAcl != ';')
2406 {
2407 const ACEFLAG *lpaf = AceRights;
2408
2409 while (lpaf->wstr &&
2410 (len = strlenW(lpaf->wstr)) &&
2411 strncmpW(lpaf->wstr, szAcl, len))
2412 {
2413 lpaf++;
2414 }
2415
2416 if (!lpaf->wstr)
2417 return 0;
2418
2419 rights |= lpaf->value;
2420 szAcl += len;
2421 }
2422 }
2423
2424 *StringAcl = szAcl;
2425 return rights;
2426 }
2427
2428
2429 /******************************************************************************
2430 * ParseStringAclToAcl
2431 *
2432 * dacl_flags(string_ace1)(string_ace2)... (string_acen)
2433 */
2434 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
2435 PACL pAcl, LPDWORD cBytes)
2436 {
2437 DWORD val;
2438 DWORD sidlen;
2439 DWORD length = sizeof(ACL);
2440 DWORD acesize = 0;
2441 DWORD acecount = 0;
2442 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
2443 DWORD error = ERROR_INVALID_ACL;
2444
2445 TRACE("%s\n", debugstr_w(StringAcl));
2446
2447 if (!StringAcl)
2448 return FALSE;
2449
2450 if (pAcl) /* pAce is only useful if we're setting values */
2451 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
2452
2453 /* Parse ACL flags */
2454 *lpdwFlags = ParseAclStringFlags(&StringAcl);
2455
2456 /* Parse ACE */
2457 while (*StringAcl == '(')
2458 {
2459 StringAcl++;
2460
2461 /* Parse ACE type */
2462 val = ParseAceStringType(&StringAcl);
2463 if (pAce)
2464 pAce->Header.AceType = (BYTE) val;
2465 if (*StringAcl != ';')
2466 {
2467 error = RPC_S_INVALID_STRING_UUID;
2468 goto lerr;
2469 }
2470 StringAcl++;
2471
2472 /* Parse ACE flags */
2473 val = ParseAceStringFlags(&StringAcl);
2474 if (pAce)
2475 pAce->Header.AceFlags = (BYTE) val;
2476 if (*StringAcl != ';')
2477 goto lerr;
2478 StringAcl++;
2479
2480 /* Parse ACE rights */
2481 val = ParseAceStringRights(&StringAcl);
2482 if (pAce)
2483 pAce->Mask = val;
2484 if (*StringAcl != ';')
2485 goto lerr;
2486 StringAcl++;
2487
2488 /* Parse ACE object guid */
2489 while (*StringAcl == ' ')
2490 StringAcl++;
2491 if (*StringAcl != ';')
2492 {
2493 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2494 goto lerr;
2495 }
2496 StringAcl++;
2497
2498 /* Parse ACE inherit object guid */
2499 while (*StringAcl == ' ')
2500 StringAcl++;
2501 if (*StringAcl != ';')
2502 {
2503 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
2504 goto lerr;
2505 }
2506 StringAcl++;
2507
2508 /* Parse ACE account sid */
2509 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
2510 {
2511 while (*StringAcl && *StringAcl != ')')
2512 StringAcl++;
2513 }
2514
2515 if (*StringAcl != ')')
2516 goto lerr;
2517 StringAcl++;
2518
2519 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen;
2520 length += acesize;
2521 if (pAce)
2522 {
2523 pAce->Header.AceSize = acesize;
2524 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize);
2525 }
2526 acecount++;
2527 }
2528
2529 *cBytes = length;
2530
2531 if (length > 0xffff)
2532 {
2533 ERR("ACL too large\n");
2534 goto lerr;
2535 }
2536
2537 if (pAcl)
2538 {
2539 pAcl->AclRevision = ACL_REVISION;
2540 pAcl->Sbz1 = 0;
2541 pAcl->AclSize = length;
2542 pAcl->AceCount = acecount;
2543 pAcl->Sbz2 = 0;
2544 }
2545 return TRUE;
2546
2547 lerr:
2548 SetLastError(error);
2549 WARN("Invalid ACE string format\n");
2550 return FALSE;
2551 }
2552
2553 /******************************************************************************
2554 * ParseStringSecurityDescriptorToSecurityDescriptor
2555 */
2556 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
2557 LPCWSTR StringSecurityDescriptor,
2558 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
2559 LPDWORD cBytes)
2560 {
2561 BOOL bret = FALSE;
2562 WCHAR toktype;
2563 WCHAR *tok;
2564 LPCWSTR lptoken;
2565 LPBYTE lpNext = NULL;
2566 DWORD len;
2567
2568 *cBytes = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
2569
2570 tok = heap_alloc( (lstrlenW(StringSecurityDescriptor) + 1) * sizeof(WCHAR));
2571
2572 if (SecurityDescriptor)
2573 lpNext = (LPBYTE)(SecurityDescriptor + 1);
2574
2575 while (*StringSecurityDescriptor == ' ')
2576 StringSecurityDescriptor++;
2577
2578 while (*StringSecurityDescriptor)
2579 {
2580 toktype = *StringSecurityDescriptor;
2581
2582 /* Expect char identifier followed by ':' */
2583 StringSecurityDescriptor++;
2584 if (*StringSecurityDescriptor != ':')
2585 {
2586 SetLastError(ERROR_INVALID_PARAMETER);
2587 goto lend;
2588 }
2589 StringSecurityDescriptor++;
2590
2591 /* Extract token */
2592 lptoken = StringSecurityDescriptor;
2593 while (*lptoken && *lptoken != ':')
2594 lptoken++;
2595
2596 if (*lptoken)
2597 lptoken--;
2598
2599 len = lptoken - StringSecurityDescriptor;
2600 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) );
2601 tok[len] = 0;
2602
2603 switch (toktype)
2604 {
2605 case 'O':
2606 {
2607 DWORD bytes;
2608
2609 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2610 goto lend;
2611
2612 if (SecurityDescriptor)
2613 {
2614 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor;
2615 lpNext += bytes; /* Advance to next token */
2616 }
2617
2618 *cBytes += bytes;
2619
2620 break;
2621 }
2622
2623 case 'G':
2624 {
2625 DWORD bytes;
2626
2627 if (!ParseStringSidToSid(tok, lpNext, &bytes))
2628 goto lend;
2629
2630 if (SecurityDescriptor)
2631 {
2632 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor;
2633 lpNext += bytes; /* Advance to next token */
2634 }
2635
2636 *cBytes += bytes;
2637
2638 break;
2639 }
2640
2641 case 'D':
2642 {
2643 DWORD flags;
2644 DWORD bytes;
2645
2646 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2647 goto lend;
2648
2649 if (SecurityDescriptor)
2650 {
2651 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
2652 SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
2653 lpNext += bytes; /* Advance to next token */
2654 }
2655
2656 *cBytes += bytes;
2657
2658 break;
2659 }
2660
2661 case 'S':
2662 {
2663 DWORD flags;
2664 DWORD bytes;
2665
2666 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes))
2667 goto lend;
2668
2669 if (SecurityDescriptor)
2670 {
2671 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
2672 SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
2673 lpNext += bytes; /* Advance to next token */
2674 }
2675
2676 *cBytes += bytes;
2677
2678 break;
2679 }
2680
2681 default:
2682 FIXME("Unknown token\n");
2683 SetLastError(ERROR_INVALID_PARAMETER);
2684 goto lend;
2685 }
2686
2687 StringSecurityDescriptor = lptoken;
2688 }
2689
2690 bret = TRUE;
2691
2692 lend:
2693 heap_free(tok);
2694 return bret;
2695 }
2696
2697 /* Winehq cvs 20050916 */
2698 /******************************************************************************
2699 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@]
2700 * @implemented
2701 */
2702 BOOL
2703 WINAPI
2704 ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor,
2705 DWORD StringSDRevision,
2706 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2707 PULONG SecurityDescriptorSize)
2708 {
2709 UINT len;
2710 BOOL ret = FALSE;
2711 LPWSTR StringSecurityDescriptorW;
2712
2713 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0);
2714 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR));
2715
2716 if (StringSecurityDescriptorW)
2717 {
2718 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len);
2719
2720 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW,
2721 StringSDRevision, SecurityDescriptor,
2722 SecurityDescriptorSize);
2723 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW);
2724 }
2725
2726 return ret;
2727 }
2728
2729 /******************************************************************************
2730 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@]
2731 * @implemented
2732 */
2733 BOOL WINAPI
2734 ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor,
2735 DWORD StringSDRevision,
2736 PSECURITY_DESCRIPTOR* SecurityDescriptor,
2737 PULONG SecurityDescriptorSize)
2738 {
2739 DWORD cBytes;
2740 SECURITY_DESCRIPTOR* psd;
2741 BOOL bret = FALSE;
2742
2743 TRACE("%s\n", debugstr_w(StringSecurityDescriptor));
2744
2745 if (GetVersion() & 0x80000000)
2746 {
2747 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
2748 goto lend;
2749 }
2750 else if (!StringSecurityDescriptor || !SecurityDescriptor)
2751 {
2752 SetLastError(ERROR_INVALID_PARAMETER);
2753 goto lend;
2754 }
2755 else if (StringSDRevision != SID_REVISION)
2756 {
2757 SetLastError(ERROR_UNKNOWN_REVISION);
2758 goto lend;
2759 }
2760
2761 /* Compute security descriptor length */
2762 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2763 NULL, &cBytes))
2764 goto lend;
2765
2766 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes);
2767 if (!psd) goto lend;
2768
2769 psd->Revision = SID_REVISION;
2770 psd->Control |= SE_SELF_RELATIVE;
2771
2772 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor,
2773 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes))
2774 {
2775 LocalFree(psd);
2776 goto lend;
2777 }
2778
2779 if (SecurityDescriptorSize)
2780 *SecurityDescriptorSize = cBytes;
2781
2782 bret = TRUE;
2783
2784 lend:
2785 TRACE(" ret=%d\n", bret);
2786 return bret;
2787 }
2788
2789 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen)
2790 {
2791 if (cch == -1)
2792 cch = strlenW(string);
2793
2794 if (plen)
2795 *plen += cch;
2796
2797 if (pwptr)
2798 {
2799 memcpy(*pwptr, string, sizeof(WCHAR)*cch);
2800 *pwptr += cch;
2801 }
2802 }
2803
2804 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen)
2805 {
2806 DWORD i;
2807 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 };
2808 WCHAR subauthfmt[] = { '-','%','u',0 };
2809 WCHAR buf[26];
2810 SID *pisid = psid;
2811
2812 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION)
2813 {
2814 SetLastError(ERROR_INVALID_SID);
2815 return FALSE;
2816 }
2817
2818 if (pisid->IdentifierAuthority.Value[0] ||
2819 pisid->IdentifierAuthority.Value[1])
2820 {
2821 FIXME("not matching MS' bugs\n");
2822 SetLastError(ERROR_INVALID_SID);
2823 return FALSE;
2824 }
2825
2826 sprintfW( buf, fmt, pisid->Revision,
2827 MAKELONG(
2828 MAKEWORD( pisid->IdentifierAuthority.Value[5],
2829 pisid->IdentifierAuthority.Value[4] ),
2830 MAKEWORD( pisid->IdentifierAuthority.Value[3],
2831 pisid->IdentifierAuthority.Value[2] )
2832 ) );
2833 DumpString(buf, -1, pwptr, plen);
2834
2835 for( i=0; i<pisid->SubAuthorityCount; i++ )
2836 {
2837 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] );
2838 DumpString(buf, -1, pwptr, plen);
2839 }
2840 return TRUE;
2841 }
2842
2843 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen)
2844 {
2845 size_t i;
2846 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
2847 {
2848 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision)))
2849 {
2850 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen);
2851 return TRUE;
2852 }
2853 }
2854
2855 return DumpSidNumeric(psid, pwptr, plen);
2856 }
2857
2858 static const LPCWSTR AceRightBitNames[32] = {
2859 SDDL_CREATE_CHILD, /* 0 */
2860 SDDL_DELETE_CHILD,
2861 SDDL_LIST_CHILDREN,
2862 SDDL_SELF_WRITE,
2863 SDDL_READ_PROPERTY, /* 4 */
2864 SDDL_WRITE_PROPERTY,
2865 SDDL_DELETE_TREE,
2866 SDDL_LIST_OBJECT,
2867 SDDL_CONTROL_ACCESS, /* 8 */
2868 NULL,
2869 NULL,
2870 NULL,
2871 NULL, /* 12 */
2872 NULL,
2873 NULL,
2874 NULL,
2875 SDDL_STANDARD_DELETE, /* 16 */
2876 SDDL_READ_CONTROL,
2877 SDDL_WRITE_DAC,
2878 SDDL_WRITE_OWNER,
2879 NULL, /* 20 */
2880 NULL,
2881 NULL,
2882 NULL,
2883 NULL, /* 24 */
2884 NULL,
2885 NULL,
2886 NULL,
2887 SDDL_GENERIC_ALL, /* 28 */
2888 SDDL_GENERIC_EXECUTE,
2889 SDDL_GENERIC_WRITE,
2890 SDDL_GENERIC_READ
2891 };
2892
2893 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen)
2894 {
2895 static const WCHAR fmtW[] = {'0','x','%','x',0};
2896 WCHAR buf[15];
2897 size_t i;
2898
2899 if (mask == 0)
2900 return;
2901
2902 /* first check if the right have name */
2903 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++)
2904 {
2905 if (AceRights[i].wstr == NULL)
2906 break;
2907 if (mask == AceRights[i].value)
2908 {
2909 DumpString(AceRights[i].wstr, -1, pwptr, plen);
2910 return;
2911 }
2912 }
2913
2914 /* then check if it can be built from bit names */
2915 for (i = 0; i < 32; i++)
2916 {
2917 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL))
2918 {
2919 /* can't be built from bit names */
2920 sprintfW(buf, fmtW, mask);
2921 DumpString(buf, -1, pwptr, plen);
2922 return;
2923 }
2924 }
2925
2926 /* build from bit names */
2927 for (i = 0; i < 32; i++)
2928 if (mask & (1 << i))
2929 DumpString(AceRightBitNames[i], -1, pwptr, plen);
2930 }
2931
2932 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen)
2933 {
2934 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */
2935 static const WCHAR openbr = '(';
2936 static const WCHAR closebr = ')';
2937 static const WCHAR semicolon = ';';
2938
2939 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE))
2940 {
2941 SetLastError(ERROR_INVALID_ACL);
2942 return FALSE;
2943 }
2944
2945 piace = pace;
2946 DumpString(&openbr, 1, pwptr, plen);
2947 switch (piace->Header.AceType)
2948 {
2949 case ACCESS_ALLOWED_ACE_TYPE:
2950 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen);
2951 break;
2952 case ACCESS_DENIED_ACE_TYPE:
2953 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen);
2954 break;
2955 case SYSTEM_AUDIT_ACE_TYPE:
2956 DumpString(SDDL_AUDIT, -1, pwptr, plen);
2957 break;
2958 case SYSTEM_ALARM_ACE_TYPE:
2959 DumpString(SDDL_ALARM, -1, pwptr, plen);
2960 break;
2961 }
2962 DumpString(&semicolon, 1, pwptr, plen);
2963
2964 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE)
2965 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen);
2966 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE)
2967 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen);
2968 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE)
2969 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen);
2970 if (piace->Header.AceFlags & INHERIT_ONLY_ACE)
2971 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen);
2972 if (piace->Header.AceFlags & INHERITED_ACE)
2973 DumpString(SDDL_INHERITED, -1, pwptr, plen);
2974 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
2975 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen);
2976 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG)
2977 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen);
2978 DumpString(&semicolon, 1, pwptr, plen);
2979 DumpRights(piace->Mask, pwptr, plen);
2980 DumpString(&semicolon, 1, pwptr, plen);
2981 /* objects not supported */
2982 DumpString(&semicolon, 1, pwptr, plen);
2983 /* objects not supported */
2984 DumpString(&semicolon, 1, pwptr, plen);
2985 if (!DumpSid((PSID)&piace->SidStart, pwptr, plen))
2986 return FALSE;
2987 DumpString(&closebr, 1, pwptr, plen);
2988 return TRUE;
2989 }
2990
2991 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited)
2992 {
2993 WORD count;
2994 int i;
2995
2996 if (protected)
2997 DumpString(SDDL_PROTECTED, -1, pwptr, plen);
2998 if (autoInheritReq)
2999 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen);
3000 if (autoInherited)
3001 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen);
3002
3003 if (pacl == NULL)
3004 return TRUE;
3005
3006 if (!IsValidAcl(pacl))
3007 return FALSE;
3008
3009 count = pacl->AceCount;
3010 for (i = 0; i < count; i++)
3011 {
3012 LPVOID ace;
3013 if (!GetAce(pacl, i, &ace))
3014 return FALSE;
3015 if (!DumpAce(ace, pwptr, plen))
3016 return FALSE;
3017 }
3018
3019 return TRUE;
3020 }
3021
3022 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3023 {
3024 static const WCHAR prefix[] = {'O',':',0};
3025 BOOL bDefaulted;
3026 PSID psid;
3027
3028 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted))
3029 return FALSE;
3030
3031 if (psid == NULL)
3032 return TRUE;
3033
3034 DumpString(prefix, -1, pwptr, plen);
3035 if (!DumpSid(psid, pwptr, plen))
3036 return FALSE;
3037 return TRUE;
3038 }
3039
3040 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3041 {
3042 static const WCHAR prefix[] = {'G',':',0};
3043 BOOL bDefaulted;
3044 PSID psid;
3045
3046 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted))
3047 return FALSE;
3048
3049 if (psid == NULL)
3050 return TRUE;
3051
3052 DumpString(prefix, -1, pwptr, plen);
3053 if (!DumpSid(psid, pwptr, plen))
3054 return FALSE;
3055 return TRUE;
3056 }
3057
3058 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3059 {
3060 static const WCHAR dacl[] = {'D',':',0};
3061 SECURITY_DESCRIPTOR_CONTROL control;
3062 BOOL present, defaulted;
3063 DWORD revision;
3064 PACL pacl;
3065
3066 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted))
3067 return FALSE;
3068
3069 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3070 return FALSE;
3071
3072 if (!present)
3073 return TRUE;
3074
3075 DumpString(dacl, 2, pwptr, plen);
3076 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED))
3077 return FALSE;
3078 return TRUE;
3079 }
3080
3081 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen)
3082 {
3083 static const WCHAR sacl[] = {'S',':',0};
3084 SECURITY_DESCRIPTOR_CONTROL control;
3085 BOOL present, defaulted;
3086 DWORD revision;
3087 PACL pacl;
3088
3089 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted))
3090 return FALSE;
3091
3092 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision))
3093 return FALSE;
3094
3095 if (!present)
3096 return TRUE;
3097
3098 DumpString(sacl, 2, pwptr, plen);
3099 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED))
3100 return FALSE;
3101 return TRUE;
3102 }
3103
3104 /******************************************************************************
3105 * ConvertSecurityDescriptorToStringSecurityDescriptorW [ADVAPI32.@]
3106 */
3107 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen)
3108 {
3109 ULONG len;
3110 WCHAR *wptr, *wstr;
3111
3112 if (SDRevision != SDDL_REVISION_1)
3113 {
3114 ERR("Program requested unknown SDDL revision %d\n", SDRevision);
3115 SetLastError(ERROR_UNKNOWN_REVISION);
3116 return FALSE;
3117 }
3118
3119 len = 0;
3120 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3121 if (!DumpOwner(SecurityDescriptor, NULL, &len))
3122 return FALSE;
3123 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3124 if (!DumpGroup(SecurityDescriptor, NULL, &len))
3125 return FALSE;
3126 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3127 if (!DumpDacl(SecurityDescriptor, NULL, &len))
3128 return FALSE;
3129 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3130 if (!DumpSacl(SecurityDescriptor, NULL, &len))
3131 return FALSE;
3132
3133 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR));
3134 #ifdef __REACTOS__
3135 if (wstr == NULL)
3136 return FALSE;
3137 #endif
3138
3139 if (RequestedInformation & OWNER_SECURITY_INFORMATION)
3140 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) {
3141 LocalFree (wstr);
3142 return FALSE;
3143 }
3144 if (RequestedInformation & GROUP_SECURITY_INFORMATION)
3145 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) {
3146 LocalFree (wstr);
3147 return FALSE;
3148 }
3149 if (RequestedInformation & DACL_SECURITY_INFORMATION)
3150 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) {
3151 LocalFree (wstr);
3152 return FALSE;
3153 }
3154 if (RequestedInformation & SACL_SECURITY_INFORMATION)
3155 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) {
3156 LocalFree (wstr);
3157 return FALSE;
3158 }
3159 *wptr = 0;
3160
3161 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len);
3162 *OutputString = wstr;
3163 if (OutputLen)
3164 *OutputLen = strlenW(*OutputString)+1;
3165 return TRUE;
3166 }
3167
3168 /******************************************************************************
3169 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@]
3170 */
3171 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
3172 {
3173 LPWSTR wstr;
3174 ULONG len;
3175 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len))
3176 {
3177 int lenA;
3178
3179 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL);
3180 *OutputString = heap_alloc(lenA);
3181 #ifdef __REACTOS__
3182 if (*OutputString == NULL)
3183 {
3184 LocalFree(wstr);
3185 *OutputLen = 0;
3186 return FALSE;
3187 }
3188 #endif
3189 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL);
3190 LocalFree(wstr);
3191
3192 if (OutputLen != NULL)
3193 *OutputLen = lenA;
3194 return TRUE;
3195 }
3196 else
3197 {
3198 *OutputString = NULL;
3199 if (OutputLen)
3200 *OutputLen = 0;
3201 return FALSE;
3202 }
3203 }
3204
3205 /******************************************************************************
3206 * ConvertStringSidToSidW [ADVAPI32.@]
3207 */
3208 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid)
3209 {
3210 BOOL bret = FALSE;
3211 DWORD cBytes;
3212
3213 TRACE("%s, %p\n", debugstr_w(StringSid), Sid);
3214 if (GetVersion() & 0x80000000)
3215 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3216 else if (!StringSid || !Sid)
3217 SetLastError(ERROR_INVALID_PARAMETER);
3218 else if (ParseStringSidToSid(StringSid, NULL, &cBytes))
3219 {
3220 PSID pSid = *Sid = LocalAlloc(0, cBytes);
3221
3222 bret = ParseStringSidToSid(StringSid, pSid, &cBytes);
3223 if (!bret)
3224 LocalFree(*Sid);
3225 }
3226 return bret;
3227 }
3228
3229 /******************************************************************************
3230 * ConvertStringSidToSidA [ADVAPI32.@]
3231 */
3232 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid)
3233 {
3234 BOOL bret = FALSE;
3235
3236 TRACE("%s, %p\n", debugstr_a(StringSid), Sid);
3237 if (GetVersion() & 0x80000000)
3238 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
3239 else if (!StringSid || !Sid)
3240 SetLastError(ERROR_INVALID_PARAMETER);
3241 else
3242 {
3243 WCHAR *wStringSid = SERV_dup(StringSid);
3244 bret = ConvertStringSidToSidW(wStringSid, Sid);
3245 heap_free(wStringSid);
3246 }
3247 return bret;
3248 }
3249
3250 /*
3251 * @implemented
3252 */
3253 BOOL
3254 WINAPI
3255 ConvertSidToStringSidW(PSID Sid,
3256 LPWSTR *StringSid)
3257 {
3258 NTSTATUS Status;
3259 UNICODE_STRING UnicodeString;
3260 WCHAR FixedBuffer[64];
3261
3262 if (!RtlValidSid(Sid))
3263 {
3264 SetLastError(ERROR_INVALID_SID);
3265 return FALSE;
3266 }
3267
3268 UnicodeString.Length = 0;
3269 UnicodeString.MaximumLength = sizeof(FixedBuffer);
3270 UnicodeString.Buffer = FixedBuffer;
3271 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, FALSE);
3272 if (STATUS_BUFFER_TOO_SMALL == Status)
3273 {
3274 Status = RtlConvertSidToUnicodeString(&UnicodeString, Sid, TRUE);
3275 }
3276
3277 if (!NT_SUCCESS(Status))
3278 {
3279 SetLastError(RtlNtStatusToDosError(Status));
3280 return FALSE;
3281 }
3282
3283 *StringSid = LocalAlloc(LMEM_FIXED, UnicodeString.Length + sizeof(WCHAR));
3284 if (NULL == *StringSid)
3285 {
3286 if (UnicodeString.Buffer != FixedBuffer)
3287 {
3288 RtlFreeUnicodeString(&UnicodeString);
3289 }
3290 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3291 return FALSE;
3292 }
3293
3294 MoveMemory(*StringSid, UnicodeString.Buffer, UnicodeString.Length);
3295 ZeroMemory((PCHAR) *StringSid + UnicodeString.Length, sizeof(WCHAR));
3296 if (UnicodeString.Buffer != FixedBuffer)
3297 {
3298 RtlFreeUnicodeString(&UnicodeString);
3299 }
3300
3301 return TRUE;
3302 }
3303
3304 /*
3305 * @implemented
3306 */
3307 BOOL
3308 WINAPI
3309 ConvertSidToStringSidA(PSID Sid,
3310 LPSTR *StringSid)
3311 {
3312 LPWSTR StringSidW;
3313 int Len;
3314
3315 if (!ConvertSidToStringSidW(Sid, &StringSidW))
3316 {
3317 return FALSE;
3318 }
3319
3320 Len = WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, NULL, 0, NULL, NULL);
3321 if (Len <= 0)
3322 {
3323 LocalFree(StringSidW);
3324 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3325 return FALSE;
3326 }
3327
3328 *StringSid = LocalAlloc(LMEM_FIXED, Len);
3329 if (NULL == *StringSid)
3330 {
3331 LocalFree(StringSidW);
3332 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
3333 return FALSE;
3334 }
3335
3336 if (!WideCharToMultiByte(CP_ACP, 0, StringSidW, -1, *StringSid, Len, NULL, NULL))
3337 {
3338 LocalFree(StringSid);
3339 LocalFree(StringSidW);
3340 return FALSE;
3341 }
3342
3343 LocalFree(StringSidW);
3344
3345 return TRUE;
3346 }
3347
3348 /*
3349 * @unimplemented
3350 */
3351 BOOL WINAPI
3352 CreateProcessWithLogonW(LPCWSTR lpUsername,
3353 LPCWSTR lpDomain,
3354 LPCWSTR lpPassword,
3355 DWORD dwLogonFlags,
3356 LPCWSTR lpApplicationName,
3357 LPWSTR lpCommandLine,
3358 DWORD dwCreationFlags,
3359 LPVOID lpEnvironment,
3360 LPCWSTR lpCurrentDirectory,
3361 LPSTARTUPINFOW lpStartupInfo,
3362 LPPROCESS_INFORMATION lpProcessInformation)
3363 {
3364 FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
3365 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
3366 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
3367 lpStartupInfo, lpProcessInformation);
3368
3369 return FALSE;
3370 }
3371
3372 BOOL WINAPI CreateProcessWithTokenW(HANDLE token, DWORD logon_flags, LPCWSTR application_name, LPWSTR command_line,
3373 DWORD creation_flags, void *environment, LPCWSTR current_directory, STARTUPINFOW *startup_info,
3374 PROCESS_INFORMATION *process_information )
3375 {
3376 FIXME("%p 0x%08x %s %s 0x%08x %p %s %p %p - semi-stub\n", token,
3377 logon_flags, debugstr_w(application_name), debugstr_w(command_line),
3378 creation_flags, environment, debugstr_w(current_directory),
3379 startup_info, process_information);
3380
3381 /* FIXME: check if handles should be inherited */
3382 return CreateProcessW( application_name, command_line, NULL, NULL, FALSE, creation_flags, environment,
3383 current_directory, startup_info, process_information );
3384 }
3385
3386 /*
3387 * @implemented
3388 */
3389 BOOL WINAPI
3390 DuplicateTokenEx(IN HANDLE ExistingTokenHandle,
3391 IN DWORD dwDesiredAccess,
3392 IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL,
3393 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3394 IN TOKEN_TYPE TokenType,
3395 OUT PHANDLE DuplicateTokenHandle)
3396 {
3397 OBJECT_ATTRIBUTES ObjectAttributes;
3398 NTSTATUS Status;
3399 SECURITY_QUALITY_OF_SERVICE Sqos;
3400
3401 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess,
3402 ImpersonationLevel, TokenType, DuplicateTokenHandle);
3403
3404 Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
3405 Sqos.ImpersonationLevel = ImpersonationLevel;
3406 Sqos.ContextTrackingMode = 0;
3407 Sqos.EffectiveOnly = FALSE;
3408
3409 if (lpTokenAttributes != NULL)
3410 {
3411 InitializeObjectAttributes(&ObjectAttributes,
3412 NULL,
3413 lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
3414 NULL,
3415 lpTokenAttributes->lpSecurityDescriptor);
3416 }
3417 else
3418 {
3419 InitializeObjectAttributes(&ObjectAttributes,
3420 NULL,
3421 0,
3422 NULL,
3423 NULL);
3424 }
3425
3426 ObjectAttributes.SecurityQualityOfService = &Sqos;
3427
3428 Status = NtDuplicateToken(ExistingTokenHandle,
3429 dwDesiredAccess,
3430 &ObjectAttributes,
3431 FALSE,
3432 TokenType,
3433 DuplicateTokenHandle);
3434 if (!NT_SUCCESS(Status))
3435 {
3436 ERR("NtDuplicateToken failed: Status %08x\n", Status);
3437 SetLastError(RtlNtStatusToDosError(Status));
3438 return FALSE;
3439 }
3440
3441 TRACE("Returning token %p.\n", *DuplicateTokenHandle);
3442
3443 return TRUE;
3444 }
3445
3446 /*
3447 * @implemented
3448 */
3449 BOOL WINAPI
3450 DuplicateToken(IN HANDLE ExistingTokenHandle,
3451 IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
3452 OUT PHANDLE DuplicateTokenHandle)
3453 {
3454 return DuplicateTokenEx(ExistingTokenHandle,
3455 TOKEN_IMPERSONATE | TOKEN_QUERY,
3456 NULL,
3457 ImpersonationLevel,
3458 TokenImpersonation,
3459 DuplicateTokenHandle);
3460 }
3461
3462 /******************************************************************************
3463 * ComputeStringSidSize
3464 */
3465 static DWORD ComputeStringSidSize(LPCWSTR StringSid)
3466 {
3467 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */
3468 {
3469 int ctok = 0;
3470 while (*StringSid)
3471 {
3472 if (*StringSid == '-')
3473 ctok++;
3474 StringSid++;
3475 }
3476
3477 if (ctok >= 3)
3478 return GetSidLengthRequired(ctok - 2);
3479 }
3480 else /* String constant format - Only available in winxp and above */
3481 {
3482 unsigned int i;
3483
3484 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3485 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3486 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
3487
3488 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3489 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3490 {
3491 MAX_SID local;
3492 ADVAPI_GetComputerSid(&local);
3493 return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
3494 }
3495
3496 }
3497
3498 return GetSidLengthRequired(0);
3499 }
3500
3501 /******************************************************************************
3502 * ParseStringSidToSid
3503 */
3504 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes)
3505 {
3506 BOOL bret = FALSE;
3507 SID* pisid=pSid;
3508
3509 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes);
3510 if (!StringSid)
3511 {
3512 SetLastError(ERROR_INVALID_PARAMETER);
3513 TRACE("StringSid is NULL, returning FALSE\n");
3514 return FALSE;
3515 }
3516
3517 while (*StringSid == ' ')
3518 StringSid++;
3519
3520 if (!*StringSid)
3521 goto lend; /* ERROR_INVALID_SID */
3522
3523 *cBytes = ComputeStringSidSize(StringSid);
3524 if (!pisid) /* Simply compute the size */
3525 {
3526 TRACE("only size requested, returning TRUE with %d\n", *cBytes);
3527 return TRUE;
3528 }
3529
3530 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */
3531 {
3532 DWORD i = 0, identAuth;
3533 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD));
3534
3535 StringSid += 2; /* Advance to Revision */
3536 pisid->Revision = atoiW(StringSid);
3537
3538 if (pisid->Revision != SDDL_REVISION)
3539 {
3540 TRACE("Revision %d is unknown\n", pisid->Revision);
3541 goto lend; /* ERROR_INVALID_SID */
3542 }
3543 if (csubauth == 0)
3544 {
3545 TRACE("SubAuthorityCount is 0\n");
3546 goto lend; /* ERROR_INVALID_SID */
3547 }
3548
3549 pisid->SubAuthorityCount = csubauth;
3550
3551 /* Advance to identifier authority */
3552 while (*StringSid && *StringSid != '-')
3553 StringSid++;
3554 if (*StringSid == '-')
3555 StringSid++;
3556
3557 /* MS' implementation can't handle values greater than 2^32 - 1, so
3558 * we don't either; assume most significant bytes are always 0
3559 */
3560 pisid->IdentifierAuthority.Value[0] = 0;
3561 pisid->IdentifierAuthority.Value[1] = 0;
3562 identAuth = atoiW(StringSid);
3563 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff;
3564 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8;
3565 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16;
3566 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24;
3567
3568 /* Advance to first sub authority */
3569 while (*StringSid && *StringSid != '-')
3570 StringSid++;
3571 if (*StringSid == '-')
3572 StringSid++;
3573
3574 while (*StringSid)
3575 {
3576 pisid->SubAuthority[i++] = atoiW(StringSid);
3577
3578 while (*StringSid && *StringSid != '-')
3579 StringSid++;
3580 if (*StringSid == '-')
3581 StringSid++;
3582 }
3583
3584 if (i != pisid->SubAuthorityCount)
3585 goto lend; /* ERROR_INVALID_SID */
3586
3587 bret = TRUE;
3588 }
3589 else /* String constant format - Only available in winxp and above */
3590 {
3591 unsigned int i;
3592 pisid->Revision = SDDL_REVISION;
3593
3594 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
3595 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
3596 {
3597 DWORD j;
3598 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount;
3599 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority;
3600 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++)
3601 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j];
3602 bret = TRUE;
3603 }
3604
3605 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
3606 if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
3607 {
3608 ADVAPI_GetComputerSid(pisid);
3609 pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
3610 pisid->SubAuthorityCount++;
3611 bret = TRUE;
3612 }
3613
3614 if (!bret)
3615 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
3616 }
3617
3618 lend:
3619 if (!bret)
3620 SetLastError(ERROR_INVALID_SID);
3621
3622 TRACE("returning %s\n", bret ? "TRUE" : "FALSE");
3623 return bret;
3624 }
3625
3626 /**********************************************************************
3627 * GetNamedSecurityInfoA EXPORTED
3628 *
3629 * @implemented
3630 */
3631 DWORD
3632 WINAPI
3633 GetNamedSecurityInfoA(LPSTR pObjectName,
3634 SE_OBJECT_TYPE ObjectType,
3635 SECURITY_INFORMATION SecurityInfo,
3636 PSID *ppsidOwner,
3637 PSID *ppsidGroup,
3638 PACL *ppDacl,
3639 PACL *ppSacl,
3640 PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
3641 {
3642 DWORD len;
3643 LPWSTR wstr = NULL;
3644 DWORD r;
3645
3646 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
3647 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
3648
3649 if( pObjectName )
3650 {
3651 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
3652 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
3653 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
3654 }
3655
3656 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
3657 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
3658
3659 HeapFree( GetProcessHeap(), 0, wstr );
3660
3661 return r;
3662 }
3663
3664 /******************************************************************************
3665 * GetWindowsAccountDomainSid [ADVAPI32.@]
3666 */
3667 BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
3668 {
3669 SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
3670 DWORD required_size;
3671 int i;
3672
3673 FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
3674
3675 if (!sid || !IsValidSid( sid ))
3676 {
3677 SetLastError( ERROR_INVALID_SID );
3678 return FALSE;
3679 }
3680
3681 if (!size)
3682 {
3683 SetLastError( ERROR_INVALID_PARAMETER );
3684 return FALSE;
3685 }
3686
3687 if (*GetSidSubAuthorityCount( sid ) < 4)
3688 {
3689 SetLastError( ERROR_INVALID_SID );
3690 return FALSE;
3691 }
3692
3693 required_size = GetSidLengthRequired( 4 );
3694 if (*size < required_size || !domain_sid)
3695 {
3696 *size = required_size;
3697 SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
3698 ERROR_INVALID_PARAMETER );
3699 return FALSE;
3700 }
3701
3702 InitializeSid( domain_sid, &domain_ident, 4 );
3703 for (i = 0; i < 4; i++)
3704 *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
3705
3706 *size = required_size;
3707 return TRUE;
3708 }
3709
3710 /*
3711 * @unimplemented
3712 */
3713 BOOL
3714 WINAPI
3715 EqualDomainSid(IN PSID pSid1,
3716 IN PSID pSid2,
3717 OUT BOOL* pfEqual)
3718 {
3719 UNIMPLEMENTED;
3720 return FALSE;
3721 }
3722
3723 /* EOF */
A free Windows-compatible Operating System