{ {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
};
+/* these SIDs must be constructed as relative to some domain - only the RID is well-known */
typedef struct WELLKNOWNRID
{
+ WCHAR wstr[2];
WELL_KNOWN_SID_TYPE Type;
DWORD Rid;
} WELLKNOWNRID;
static const WELLKNOWNRID WellKnownRids[] = {
- { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
- { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
- { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
- { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
- { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
- { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
- { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
- { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
- { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
- { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
- { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
- { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
- { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
+ { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
+ { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
+ { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
+ { {0,0}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
+ { {0,0}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
+ { {0,0}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
+ { {0,0}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
+ { {0,0}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
+ { {0,0}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
+ { {0,0}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
+ { {0,0}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
+ { {0,0}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
+ { {0,0}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
};
static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
return "(too-big)";
}
-static const ACEFLAG AceRights[] =
-{
- { SDDL_GENERIC_ALL, GENERIC_ALL },
- { SDDL_GENERIC_READ, GENERIC_READ },
- { SDDL_GENERIC_WRITE, GENERIC_WRITE },
- { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
-
- { SDDL_READ_CONTROL, READ_CONTROL },
- { SDDL_STANDARD_DELETE, DELETE },
- { SDDL_WRITE_DAC, WRITE_DAC },
- { SDDL_WRITE_OWNER, WRITE_OWNER },
-
- { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
- { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
- { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
- { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
- { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
- { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
- { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
- { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
- { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
-
- { SDDL_FILE_ALL, FILE_ALL_ACCESS },
- { SDDL_FILE_READ, FILE_GENERIC_READ },
- { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
- { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
-
- { SDDL_KEY_ALL, KEY_ALL_ACCESS },
- { SDDL_KEY_READ, KEY_READ },
- { SDDL_KEY_WRITE, KEY_WRITE },
- { SDDL_KEY_EXECUTE, KEY_EXECUTE },
- { NULL, 0 },
-};
-
/* set last error code from NT status and get the proper boolean return value */
/* used for functions that are a simple wrapper around the corresponding ntdll API */
static __inline BOOL set_ntstatus( NTSTATUS status )
{
- if (status) SetLastError( RtlNtStatusToDosError( status ));
- return !status;
+ if (!NT_SUCCESS(status)) SetLastError( RtlNtStatusToDosError( status ));
+ return NT_SUCCESS(status);
}
static const RECORD SidTable[] =
{ NULL, 0 },
};
+/************************************************************
+ * ADVAPI_IsLocalComputer
+ *
+ * Checks whether the server name indicates local machine.
+ */
+BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
+{
+ DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
+ BOOL Result;
+ LPWSTR buf;
+
+ if (!ServerName || !ServerName[0])
+ return TRUE;
+
+ buf = heap_alloc(dwSize * sizeof(WCHAR));
+ Result = GetComputerNameW(buf, &dwSize);
+ if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\'))
+ ServerName += 2;
+ Result = Result && !lstrcmpW(ServerName, buf);
+ heap_free(buf);
+
+ return Result;
+}
+
+/************************************************************
+ * ADVAPI_GetComputerSid
+ */
+BOOL ADVAPI_GetComputerSid(PSID sid)
+{
+ static const struct /* same fields as struct SID */
+ {
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ DWORD SubAuthority[4];
+ } computer_sid =
+ { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
+
+ memcpy( sid, &computer_sid, sizeof(computer_sid) );
+ return TRUE;
+}
+
/* Exported functions */
/*
return TRUE;
}
-/*
- * @implemented
+/******************************************************************************
+ * OpenThreadToken [ADVAPI32.@]
+ *
+ * Opens the access token associated with a thread handle.
+ *
+ * PARAMS
+ * ThreadHandle [I] Handle to process
+ * DesiredAccess [I] Desired access to the thread
+ * OpenAsSelf [I] ???
+ * TokenHandle [O] Destination for the token handle
+ *
+ * RETURNS
+ * Success: TRUE. TokenHandle contains the access token.
+ * Failure: FALSE.
+ *
+ * NOTES
+ * See NtOpenThreadToken.
*/
BOOL WINAPI
-OpenThreadToken(HANDLE ThreadHandle,
- DWORD DesiredAccess,
- BOOL OpenAsSelf,
- PHANDLE TokenHandle)
+OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess,
+ BOOL OpenAsSelf, HANDLE *TokenHandle)
{
- NTSTATUS Status;
-
- Status = NtOpenThreadToken(ThreadHandle,
- DesiredAccess,
- OpenAsSelf,
- TokenHandle);
- if (!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
-
- return TRUE;
+ return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle));
}
/*
return TRUE;
}
-BOOL WINAPI
-CreateRestrictedToken(HANDLE TokenHandle,
- DWORD Flags,
- DWORD DisableSidCount,
- PSID_AND_ATTRIBUTES pSidAndAttributes,
- DWORD DeletePrivilegeCount,
- PLUID_AND_ATTRIBUTES pLUIDAndAttributes,
- DWORD RestrictedSidCount,
- PSID_AND_ATTRIBUTES pSIDAndAttributes,
- PHANDLE NewTokenHandle)
-{
- UNIMPLEMENTED;
- return FALSE;
-}
-
-/*
- * @implemented
+/*************************************************************************
+ * CreateRestrictedToken [ADVAPI32.@]
+ *
+ * Create a new more restricted token from an existing token.
+ *
+ * PARAMS
+ * baseToken [I] Token to base the new restricted token on
+ * flags [I] Options
+ * nDisableSids [I] Length of disableSids array
+ * disableSids [I] Array of SIDs to disable in the new token
+ * nDeletePrivs [I] Length of deletePrivs array
+ * deletePrivs [I] Array of privileges to delete in the new token
+ * nRestrictSids [I] Length of restrictSids array
+ * restrictSids [I] Array of SIDs to restrict in the new token
+ * newToken [O] Address where the new token is stored
+ *
+ * RETURNS
+ * Success: TRUE
+ * Failure: FALSE
*/
-BOOL WINAPI
-AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
- BYTE nSubAuthorityCount,
- DWORD dwSubAuthority0,
- DWORD dwSubAuthority1,
- DWORD dwSubAuthority2,
- DWORD dwSubAuthority3,
- DWORD dwSubAuthority4,
- DWORD dwSubAuthority5,
- DWORD dwSubAuthority6,
- DWORD dwSubAuthority7,
- PSID *pSid)
-{
- NTSTATUS Status;
+BOOL WINAPI CreateRestrictedToken(
+ HANDLE baseToken,
+ DWORD flags,
+ DWORD nDisableSids,
+ PSID_AND_ATTRIBUTES disableSids,
+ DWORD nDeletePrivs,
+ PLUID_AND_ATTRIBUTES deletePrivs,
+ DWORD nRestrictSids,
+ PSID_AND_ATTRIBUTES restrictSids,
+ PHANDLE newToken)
+{
+ TOKEN_TYPE type;
+ SECURITY_IMPERSONATION_LEVEL level = TokenImpersonationLevel;
+ DWORD size;
- Status = RtlAllocateAndInitializeSid(pIdentifierAuthority,
- nSubAuthorityCount,
- dwSubAuthority0,
- dwSubAuthority1,
- dwSubAuthority2,
- dwSubAuthority3,
- dwSubAuthority4,
- dwSubAuthority5,
- dwSubAuthority6,
- dwSubAuthority7,
- pSid);
- if (!NT_SUCCESS(Status))
+ FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n",
+ baseToken, flags, nDisableSids, disableSids,
+ nDeletePrivs, deletePrivs,
+ nRestrictSids, restrictSids,
+ newToken);
+
+ size = sizeof(type);
+ if (!GetTokenInformation( baseToken, TokenType, &type, size, &size )) return FALSE;
+ if (type == TokenImpersonation)
{
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
+ size = sizeof(level);
+ if (!GetTokenInformation( baseToken, TokenImpersonationLevel, &level, size, &size ))
+ return FALSE;
}
+ return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken );
+}
- return TRUE;
+/******************************************************************************
+ * AllocateAndInitializeSid [ADVAPI32.@]
+ *
+ * PARAMS
+ * pIdentifierAuthority []
+ * nSubAuthorityCount []
+ * nSubAuthority0 []
+ * nSubAuthority1 []
+ * nSubAuthority2 []
+ * nSubAuthority3 []
+ * nSubAuthority4 []
+ * nSubAuthority5 []
+ * nSubAuthority6 []
+ * nSubAuthority7 []
+ * pSid []
+ */
+BOOL WINAPI
+AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority,
+ BYTE nSubAuthorityCount,
+ DWORD nSubAuthority0, DWORD nSubAuthority1,
+ DWORD nSubAuthority2, DWORD nSubAuthority3,
+ DWORD nSubAuthority4, DWORD nSubAuthority5,
+ DWORD nSubAuthority6, DWORD nSubAuthority7,
+ PSID *pSid )
+{
+ return set_ntstatus( RtlAllocateAndInitializeSid(
+ pIdentifierAuthority, nSubAuthorityCount,
+ nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3,
+ nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7,
+ pSid ));
}
/*
return RtlFreeSid(pSid);
}
-/*
- * @implemented
+/******************************************************************************
+ * CopySid [ADVAPI32.@]
+ *
+ * PARAMS
+ * nDestinationSidLength []
+ * pDestinationSid []
+ * pSourceSid []
*/
BOOL WINAPI
-CopySid(DWORD nDestinationSidLength,
- PSID pDestinationSid,
- PSID pSourceSid)
+CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid )
{
- NTSTATUS Status;
-
- Status = RtlCopySid(nDestinationSidLength,
- pDestinationSid,
- pSourceSid);
- if (!NT_SUCCESS (Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
-
- return TRUE;
+ return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid));
}
/*
return (DWORD)RtlLengthSid(pSid);
}
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,
+ DWORD dwRevision)
+{
+ NTSTATUS Status;
+
+ Status = RtlCreateSecurityDescriptor(pSecurityDescriptor,
+ dwRevision);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
+ PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
+ LPDWORD lpdwAbsoluteSecurityDescriptorSize,
+ PACL pDacl,
+ LPDWORD lpdwDaclSize,
+ PACL pSacl,
+ LPDWORD lpdwSaclSize,
+ PSID pOwner,
+ LPDWORD lpdwOwnerSize,
+ PSID pPrimaryGroup,
+ LPDWORD lpdwPrimaryGroupSize)
+{
+ NTSTATUS Status;
+
+ Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor,
+ pAbsoluteSecurityDescriptor,
+ lpdwAbsoluteSecurityDescriptorSize,
+ pDacl,
+ lpdwDaclSize,
+ pSacl,
+ lpdwSaclSize,
+ pOwner,
+ lpdwOwnerSize,
+ pPrimaryGroup,
+ lpdwPrimaryGroupSize);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/******************************************************************************
+ * GetKernelObjectSecurity [ADVAPI32.@]
+ */
+BOOL WINAPI GetKernelObjectSecurity(
+ HANDLE Handle,
+ SECURITY_INFORMATION RequestedInformation,
+ PSECURITY_DESCRIPTOR pSecurityDescriptor,
+ DWORD nLength,
+ LPDWORD lpnLengthNeeded )
+{
+ TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation,
+ pSecurityDescriptor, nLength, lpnLengthNeeded);
+
+ return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor,
+ nLength, lpnLengthNeeded ));
+}
+
/*
* @implemented
*/
return TRUE;
}
+BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe )
+{
+ IO_STATUS_BLOCK io_block;
+
+ TRACE("(%p)\n", hNamedPipe);
+
+ return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL,
+ &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) );
+}
+
/*
* @implemented
*/
return TRUE;
}
-/*
- * @implemented
+/******************************************************************************
+ * DeleteAce [ADVAPI32.@]
*/
-BOOL
-WINAPI
-DeleteAce(PACL pAcl,
- DWORD dwAceIndex)
+BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex)
{
- NTSTATUS Status;
-
- Status = RtlDeleteAce(pAcl,
- dwAceIndex);
- if (!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
-
- return TRUE;
+ return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex));
}
/*
(PACE*)pAce);
}
-
-/*
- * @implemented
+/******************************************************************************
+ * GetAce [ADVAPI32.@]
*/
-BOOL
-WINAPI
-GetAce(PACL pAcl,
- DWORD dwAceIndex,
- LPVOID *pAce)
+BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce )
{
- NTSTATUS Status;
-
- Status = RtlGetAce(pAcl,
- dwAceIndex,
- pAce);
- if (!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
-
- return TRUE;
+ return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce));
}
/*
return TRUE;
}
-/*
+/**********************************************************************
+ * LookupPrivilegeDisplayNameA EXPORTED
+ *
+ * @unimplemented
+ */
+BOOL
+WINAPI
+LookupPrivilegeDisplayNameA(LPCSTR lpSystemName,
+ LPCSTR lpName,
+ LPSTR lpDisplayName,
+ LPDWORD cbDisplayName,
+ LPDWORD lpLanguageId)
+{
+ FIXME("%s() not implemented!\n", __FUNCTION__);
+ SetLastError (ERROR_CALL_NOT_IMPLEMENTED);
+ return FALSE;
+}
+
+
+/**********************************************************************
+ * LookupPrivilegeDisplayNameW EXPORTED
+ *
+ * @unimplemented
+ */
+BOOL
+WINAPI
+LookupPrivilegeDisplayNameW(LPCWSTR lpSystemName,
+ LPCWSTR lpName,
+ LPWSTR lpDisplayName,
+ LPDWORD cbDisplayName,
+ LPDWORD lpLanguageId)
+{
+ FIXME("%s() not implemented!\n", __FUNCTION__);
+ SetLastError (ERROR_CALL_NOT_IMPLEMENTED);
+ return FALSE;
+}
+
+/**********************************************************************
+ * LookupPrivilegeNameA EXPORTED
+ *
* @implemented
*/
BOOL
WINAPI
-AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
- IN HANDLE ClientToken,
- IN DWORD DesiredAccess,
- IN PGENERIC_MAPPING GenericMapping,
- OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
- IN OUT LPDWORD PrivilegeSetLength,
- OUT LPDWORD GrantedAccess,
- OUT LPBOOL AccessStatus)
+LookupPrivilegeNameA(LPCSTR lpSystemName,
+ PLUID lpLuid,
+ LPSTR lpName,
+ LPDWORD cchName)
{
- NTSTATUS Status;
- NTSTATUS NtAccessStatus;
+ UNICODE_STRING lpSystemNameW;
+ BOOL ret;
+ DWORD wLen = 0;
- /* Do the access check */
- Status = NtAccessCheck(pSecurityDescriptor,
- ClientToken,
- DesiredAccess,
- GenericMapping,
- PrivilegeSet,
- (PULONG)PrivilegeSetLength,
- (PACCESS_MASK)GrantedAccess,
- &NtAccessStatus);
+ TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName);
- /* See if the access check operation succeeded */
- if (!NT_SUCCESS(Status))
+ RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName);
+ ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen);
+ if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
- /* Check failed */
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
+ LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR));
+
+ ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW,
+ &wLen);
+ if (ret)
+ {
+ /* Windows crashes if cchName is NULL, so will I */
+ unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName,
+ *cchName, NULL, NULL);
+
+ if (len == 0)
+ {
+ /* WideCharToMultiByte failed */
+ ret = FALSE;
+ }
+ else if (len > *cchName)
+ {
+ *cchName = len;
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ ret = FALSE;
+ }
+ else
+ {
+ /* WideCharToMultiByte succeeded, output length needs to be
+ * length not including NULL terminator
+ */
+ *cchName = len - 1;
+ }
+ }
+ HeapFree(GetProcessHeap(), 0, lpNameW);
}
+ RtlFreeUnicodeString(&lpSystemNameW);
+ return ret;
+}
- /* Now check the access status */
- if (!NT_SUCCESS(NtAccessStatus))
+/******************************************************************************
+ * GetFileSecurityA [ADVAPI32.@]
+ *
+ * Obtains Specified information about the security of a file or directory.
+ *
+ * PARAMS
+ * lpFileName [I] Name of the file to get info for
+ * RequestedInformation [I] SE_ flags from "winnt.h"
+ * pSecurityDescriptor [O] Destination for security information
+ * nLength [I] Length of pSecurityDescriptor
+ * lpnLengthNeeded [O] Destination for length of returned security information
+ *
+ * RETURNS
+ * Success: TRUE. pSecurityDescriptor contains the requested information.
+ * Failure: FALSE. lpnLengthNeeded contains the required space to return the info.
+ *
+ * NOTES
+ * The information returned is constrained by the callers access rights and
+ * privileges.
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+GetFileSecurityA(LPCSTR lpFileName,
+ SECURITY_INFORMATION RequestedInformation,
+ PSECURITY_DESCRIPTOR pSecurityDescriptor,
+ DWORD nLength,
+ LPDWORD lpnLengthNeeded)
+{
+ UNICODE_STRING FileName;
+ BOOL bResult;
+
+ if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
+ {
+ SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+ return FALSE;
+ }
+
+ bResult = GetFileSecurityW(FileName.Buffer,
+ RequestedInformation,
+ pSecurityDescriptor,
+ nLength,
+ lpnLengthNeeded);
+
+ RtlFreeUnicodeString(&FileName);
+
+ return bResult;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+GetFileSecurityW(LPCWSTR lpFileName,
+ SECURITY_INFORMATION RequestedInformation,
+ PSECURITY_DESCRIPTOR pSecurityDescriptor,
+ DWORD nLength,
+ LPDWORD lpnLengthNeeded)
+{
+ OBJECT_ATTRIBUTES ObjectAttributes;
+ IO_STATUS_BLOCK StatusBlock;
+ UNICODE_STRING FileName;
+ ULONG AccessMask = 0;
+ HANDLE FileHandle;
+ NTSTATUS Status;
+
+ TRACE("GetFileSecurityW() called\n");
+
+ QuerySecurityAccessMask(RequestedInformation, &AccessMask);
+
+ if (!RtlDosPathNameToNtPathName_U(lpFileName,
+ &FileName,
+ NULL,
+ NULL))
+ {
+ ERR("Invalid path\n");
+ SetLastError(ERROR_INVALID_NAME);
+ return FALSE;
+ }
+
+ InitializeObjectAttributes(&ObjectAttributes,
+ &FileName,
+ OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+
+ Status = NtOpenFile(&FileHandle,
+ AccessMask,
+ &ObjectAttributes,
+ &StatusBlock,
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+ 0);
+
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ FileName.Buffer);
+
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtOpenFile() failed (Status %lx)\n", Status);
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ Status = NtQuerySecurityObject(FileHandle,
+ RequestedInformation,
+ pSecurityDescriptor,
+ nLength,
+ lpnLengthNeeded);
+ NtClose(FileHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtQuerySecurityObject() failed (Status %lx)\n", Status);
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/******************************************************************************
+ * SetFileSecurityA [ADVAPI32.@]
+ * Sets the security of a file or directory
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+SetFileSecurityA(LPCSTR lpFileName,
+ SECURITY_INFORMATION SecurityInformation,
+ PSECURITY_DESCRIPTOR pSecurityDescriptor)
+{
+ UNICODE_STRING FileName;
+ BOOL bResult;
+
+ if (!RtlCreateUnicodeStringFromAsciiz(&FileName, lpFileName))
+ {
+ SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+ return FALSE;
+ }
+
+ bResult = SetFileSecurityW(FileName.Buffer,
+ SecurityInformation,
+ pSecurityDescriptor);
+
+ RtlFreeUnicodeString(&FileName);
+
+ return bResult;
+}
+
+/******************************************************************************
+ * SetFileSecurityW [ADVAPI32.@]
+ * Sets the security of a file or directory
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+SetFileSecurityW(LPCWSTR lpFileName,
+ SECURITY_INFORMATION SecurityInformation,
+ PSECURITY_DESCRIPTOR pSecurityDescriptor)
+{
+ OBJECT_ATTRIBUTES ObjectAttributes;
+ IO_STATUS_BLOCK StatusBlock;
+ UNICODE_STRING FileName;
+ ULONG AccessMask = 0;
+ HANDLE FileHandle;
+ NTSTATUS Status;
+
+ TRACE("SetFileSecurityW() called\n");
+
+ SetSecurityAccessMask(SecurityInformation, &AccessMask);
+
+ if (!RtlDosPathNameToNtPathName_U(lpFileName,
+ &FileName,
+ NULL,
+ NULL))
+ {
+ ERR("Invalid path\n");
+ SetLastError(ERROR_INVALID_NAME);
+ return FALSE;
+ }
+
+ InitializeObjectAttributes(&ObjectAttributes,
+ &FileName,
+ OBJ_CASE_INSENSITIVE,
+ NULL,
+ NULL);
+
+ Status = NtOpenFile(&FileHandle,
+ AccessMask,
+ &ObjectAttributes,
+ &StatusBlock,
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+ 0);
+
+ RtlFreeHeap(RtlGetProcessHeap(),
+ 0,
+ FileName.Buffer);
+
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtOpenFile() failed (Status %lx)\n", Status);
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ Status = NtSetSecurityObject(FileHandle,
+ SecurityInformation,
+ pSecurityDescriptor);
+ NtClose(FileHandle);
+
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtSetSecurityObject() failed (Status %lx)\n", Status);
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/******************************************************************************
+ * QueryWindows31FilesMigration [ADVAPI32.@]
+ *
+ * PARAMS
+ * x1 []
+ */
+BOOL WINAPI
+QueryWindows31FilesMigration( DWORD x1 )
+{
+ FIXME("(%d):stub\n",x1);
+ return TRUE;
+}
+
+/******************************************************************************
+ * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@]
+ *
+ * PARAMS
+ * x1 []
+ * x2 []
+ * x3 []
+ * x4 []
+ */
+BOOL WINAPI
+SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3,
+ DWORD x4 )
+{
+ FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4);
+ return TRUE;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+RevertToSelf(VOID)
+{
+ NTSTATUS Status;
+ HANDLE Token = NULL;
+
+ Status = NtSetInformationThread(NtCurrentThread(),
+ ThreadImpersonationToken,
+ &Token,
+ sizeof(HANDLE));
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
+{
+ NTSTATUS Status;
+
+ Status = RtlImpersonateSelf(ImpersonationLevel);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
+ IN HANDLE ClientToken,
+ IN DWORD DesiredAccess,
+ IN PGENERIC_MAPPING GenericMapping,
+ OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL,
+ IN OUT LPDWORD PrivilegeSetLength,
+ OUT LPDWORD GrantedAccess,
+ OUT LPBOOL AccessStatus)
+{
+ NTSTATUS Status;
+ NTSTATUS NtAccessStatus;
+
+ /* Do the access check */
+ Status = NtAccessCheck(pSecurityDescriptor,
+ ClientToken,
+ DesiredAccess,
+ GenericMapping,
+ PrivilegeSet,
+ (PULONG)PrivilegeSetLength,
+ (PACCESS_MASK)GrantedAccess,
+ &NtAccessStatus);
+
+ /* See if the access check operation succeeded */
+ if (!NT_SUCCESS(Status))
+ {
+ /* Check failed */
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ /* Now check the access status */
+ if (!NT_SUCCESS(NtAccessStatus))
+ {
+ /* Access denied */
+ SetLastError(RtlNtStatusToDosError(NtAccessStatus));
+ *AccessStatus = FALSE;
+ }
+ else
+ {
+ /* Access granted */
+ *AccessStatus = TRUE;
+ }
+
+ /* Check succeeded */
+ return TRUE;
+}
+
+/*
+ * @unimplemented
+ */
+BOOL WINAPI AccessCheckByType(
+ PSECURITY_DESCRIPTOR pSecurityDescriptor,
+ PSID PrincipalSelfSid,
+ HANDLE ClientToken,
+ DWORD DesiredAccess,
+ POBJECT_TYPE_LIST ObjectTypeList,
+ DWORD ObjectTypeListLength,
+ PGENERIC_MAPPING GenericMapping,
+ PPRIVILEGE_SET PrivilegeSet,
+ LPDWORD PrivilegeSetLength,
+ LPDWORD GrantedAccess,
+ LPBOOL AccessStatus)
+{
+ FIXME("stub\n");
+
+ *AccessStatus = TRUE;
+
+ return !*AccessStatus;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+SetKernelObjectSecurity(HANDLE Handle,
+ SECURITY_INFORMATION SecurityInformation,
+ PSECURITY_DESCRIPTOR SecurityDescriptor)
+{
+ NTSTATUS Status;
+
+ Status = NtSetSecurityObject(Handle,
+ SecurityInformation,
+ SecurityDescriptor);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+AddAuditAccessAce(PACL pAcl,
+ DWORD dwAceRevision,
+ DWORD dwAccessMask,
+ PSID pSid,
+ BOOL bAuditSuccess,
+ BOOL bAuditFailure)
+{
+ NTSTATUS Status;
+
+ Status = RtlAddAuditAccessAce(pAcl,
+ dwAceRevision,
+ dwAccessMask,
+ pSid,
+ bAuditSuccess,
+ bAuditFailure);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/*
+ * @implemented
+ */
+BOOL WINAPI
+AddAuditAccessAceEx(PACL pAcl,
+ DWORD dwAceRevision,
+ DWORD AceFlags,
+ DWORD dwAccessMask,
+ PSID pSid,
+ BOOL bAuditSuccess,
+ BOOL bAuditFailure)
+{
+ NTSTATUS Status;
+
+ Status = RtlAddAuditAccessAceEx(pAcl,
+ dwAceRevision,
+ AceFlags,
+ dwAccessMask,
+ pSid,
+ bAuditSuccess,
+ bAuditFailure);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/******************************************************************************
+ * LookupAccountNameA [ADVAPI32.@]
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+LookupAccountNameA(LPCSTR SystemName,
+ LPCSTR AccountName,
+ PSID Sid,
+ LPDWORD SidLength,
+ LPSTR ReferencedDomainName,
+ LPDWORD hReferencedDomainNameLength,
+ PSID_NAME_USE SidNameUse)
+{
+ BOOL ret;
+ UNICODE_STRING lpSystemW;
+ UNICODE_STRING lpAccountW;
+ LPWSTR lpReferencedDomainNameW = NULL;
+
+ RtlCreateUnicodeStringFromAsciiz(&lpSystemW, SystemName);
+ RtlCreateUnicodeStringFromAsciiz(&lpAccountW, AccountName);
+
+ if (ReferencedDomainName)
+ lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(),
+ 0,
+ *hReferencedDomainNameLength * sizeof(WCHAR));
+
+ ret = LookupAccountNameW(lpSystemW.Buffer,
+ lpAccountW.Buffer,
+ Sid,
+ SidLength,
+ lpReferencedDomainNameW,
+ hReferencedDomainNameLength,
+ SidNameUse);
+
+ if (ret && lpReferencedDomainNameW)
+ {
+ WideCharToMultiByte(CP_ACP,
+ 0,
+ lpReferencedDomainNameW,
+ *hReferencedDomainNameLength + 1,
+ ReferencedDomainName,
+ *hReferencedDomainNameLength + 1,
+ NULL,
+ NULL);
+ }
+
+ RtlFreeUnicodeString(&lpSystemW);
+ RtlFreeUnicodeString(&lpAccountW);
+ HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW);
+
+ return ret;
+}
+
+/**********************************************************************
+ * PrivilegeCheck EXPORTED
+ *
+ * @implemented
+ */
+BOOL WINAPI
+PrivilegeCheck(HANDLE ClientToken,
+ PPRIVILEGE_SET RequiredPrivileges,
+ LPBOOL pfResult)
+{
+ BOOLEAN Result;
+ NTSTATUS Status;
+
+ Status = NtPrivilegeCheck(ClientToken,
+ RequiredPrivileges,
+ &Result);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ *pfResult = (BOOL)Result;
+
+ return TRUE;
+}
+
+/******************************************************************************
+ * GetSecurityInfoExW EXPORTED
+ */
+DWORD
+WINAPI
+GetSecurityInfoExA(HANDLE hObject,
+ SE_OBJECT_TYPE ObjectType,
+ SECURITY_INFORMATION SecurityInfo,
+ LPCSTR lpProvider,
+ LPCSTR lpProperty,
+ PACTRL_ACCESSA *ppAccessList,
+ PACTRL_AUDITA *ppAuditList,
+ LPSTR *lppOwner,
+ LPSTR *lppGroup)
+{
+ FIXME("%s() not implemented!\n", __FUNCTION__);
+ return ERROR_BAD_PROVIDER;
+}
+
+
+/******************************************************************************
+ * GetSecurityInfoExW EXPORTED
+ */
+DWORD
+WINAPI
+GetSecurityInfoExW(HANDLE hObject,
+ SE_OBJECT_TYPE ObjectType,
+ SECURITY_INFORMATION SecurityInfo,
+ LPCWSTR lpProvider,
+ LPCWSTR lpProperty,
+ PACTRL_ACCESSW *ppAccessList,
+ PACTRL_AUDITW *ppAuditList,
+ LPWSTR *lppOwner,
+ LPWSTR *lppGroup)
+{
+ FIXME("%s() not implemented!\n", __FUNCTION__);
+ return ERROR_BAD_PROVIDER;
+}
+
+/******************************************************************************
+ * BuildExplicitAccessWithNameA [ADVAPI32.@]
+ */
+VOID WINAPI
+BuildExplicitAccessWithNameA(PEXPLICIT_ACCESSA pExplicitAccess,
+ LPSTR pTrusteeName,
+ DWORD AccessPermissions,
+ ACCESS_MODE AccessMode,
+ DWORD Inheritance)
+{
+ pExplicitAccess->grfAccessPermissions = AccessPermissions;
+ pExplicitAccess->grfAccessMode = AccessMode;
+ pExplicitAccess->grfInheritance = Inheritance;
+
+ pExplicitAccess->Trustee.pMultipleTrustee = NULL;
+ pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+ pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pExplicitAccess->Trustee.ptstrName = pTrusteeName;
+}
+
+
+/******************************************************************************
+ * BuildExplicitAccessWithNameW [ADVAPI32.@]
+ */
+VOID WINAPI
+BuildExplicitAccessWithNameW(PEXPLICIT_ACCESSW pExplicitAccess,
+ LPWSTR pTrusteeName,
+ DWORD AccessPermissions,
+ ACCESS_MODE AccessMode,
+ DWORD Inheritance)
+{
+ pExplicitAccess->grfAccessPermissions = AccessPermissions;
+ pExplicitAccess->grfAccessMode = AccessMode;
+ pExplicitAccess->grfInheritance = Inheritance;
+
+ pExplicitAccess->Trustee.pMultipleTrustee = NULL;
+ pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME;
+ pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pExplicitAccess->Trustee.ptstrName = pTrusteeName;
+}
+
+/******************************************************************************
+ * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@]
+ */
+VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName,
+ SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName,
+ LPSTR InheritedObjectTypeName, LPSTR Name )
+{
+ DWORD ObjectsPresent = 0;
+
+ TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
+ ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name));
+
+ /* Fill the OBJECTS_AND_NAME structure */
+ pObjName->ObjectType = ObjectType;
+ if (ObjectTypeName != NULL)
+ {
+ ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
+ }
+
+ pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
+ if (InheritedObjectTypeName != NULL)
+ {
+ ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
+ }
+
+ pObjName->ObjectsPresent = ObjectsPresent;
+ pObjName->ptstrName = Name;
+
+ /* Fill the TRUSTEE structure */
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = (LPSTR)pObjName;
+}
+
+/******************************************************************************
+ * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@]
+ */
+VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName,
+ SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName,
+ LPWSTR InheritedObjectTypeName, LPWSTR Name )
+{
+ DWORD ObjectsPresent = 0;
+
+ TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName,
+ ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name));
+
+ /* Fill the OBJECTS_AND_NAME structure */
+ pObjName->ObjectType = ObjectType;
+ if (ObjectTypeName != NULL)
+ {
+ ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
+ }
+
+ pObjName->InheritedObjectTypeName = InheritedObjectTypeName;
+ if (InheritedObjectTypeName != NULL)
+ {
+ ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
+ }
+
+ pObjName->ObjectsPresent = ObjectsPresent;
+ pObjName->ptstrName = Name;
+
+ /* Fill the TRUSTEE structure */
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = (LPWSTR)pObjName;
+}
+
+/******************************************************************************
+ * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@]
+ */
+VOID WINAPI
+BuildTrusteeWithObjectsAndSidA(PTRUSTEEA pTrustee,
+ POBJECTS_AND_SID pObjSid,
+ GUID *pObjectGuid,
+ GUID *pInheritedObjectGuid,
+ PSID pSid)
+{
+ DWORD ObjectsPresent = 0;
+
+ TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
+
+ /* Fill the OBJECTS_AND_SID structure */
+ if (pObjectGuid != NULL)
+ {
+ pObjSid->ObjectTypeGuid = *pObjectGuid;
+ ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
+ }
+ else
+ {
+ ZeroMemory(&pObjSid->ObjectTypeGuid,
+ sizeof(GUID));
+ }
+
+ if (pInheritedObjectGuid != NULL)
+ {
+ pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
+ ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
+ }
+ else
+ {
+ ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
+ sizeof(GUID));
+ }
+
+ pObjSid->ObjectsPresent = ObjectsPresent;
+ pObjSid->pSid = pSid;
+
+ /* Fill the TRUSTEE structure */
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = (LPSTR) pObjSid;
+}
+
+
+/******************************************************************************
+ * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@]
+ */
+VOID WINAPI
+BuildTrusteeWithObjectsAndSidW(PTRUSTEEW pTrustee,
+ POBJECTS_AND_SID pObjSid,
+ GUID *pObjectGuid,
+ GUID *pInheritedObjectGuid,
+ PSID pSid)
+{
+ DWORD ObjectsPresent = 0;
+
+ TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid);
+
+ /* Fill the OBJECTS_AND_SID structure */
+ if (pObjectGuid != NULL)
+ {
+ pObjSid->ObjectTypeGuid = *pObjectGuid;
+ ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT;
+ }
+ else
+ {
+ ZeroMemory(&pObjSid->ObjectTypeGuid,
+ sizeof(GUID));
+ }
+
+ if (pInheritedObjectGuid != NULL)
{
- /* Access denied */
- SetLastError(RtlNtStatusToDosError(NtAccessStatus));
- *AccessStatus = FALSE;
+ pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid;
+ ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
}
else
{
- /* Access granted */
- *AccessStatus = TRUE;
+ ZeroMemory(&pObjSid->InheritedObjectTypeGuid,
+ sizeof(GUID));
}
- /* Check succeeded */
- return TRUE;
+ pObjSid->ObjectsPresent = ObjectsPresent;
+ pObjSid->pSid = pSid;
+
+ /* Fill the TRUSTEE structure */
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = (LPWSTR) pObjSid;
}
-/*
- * @unimplemented
+/******************************************************************************
+ * BuildTrusteeWithSidA [ADVAPI32.@]
*/
-BOOL WINAPI AccessCheckByType(
- PSECURITY_DESCRIPTOR pSecurityDescriptor,
- PSID PrincipalSelfSid,
- HANDLE ClientToken,
- DWORD DesiredAccess,
- POBJECT_TYPE_LIST ObjectTypeList,
- DWORD ObjectTypeListLength,
- PGENERIC_MAPPING GenericMapping,
- PPRIVILEGE_SET PrivilegeSet,
- LPDWORD PrivilegeSetLength,
- LPDWORD GrantedAccess,
- LPBOOL AccessStatus)
+VOID WINAPI
+BuildTrusteeWithSidA(PTRUSTEE_A pTrustee,
+ PSID pSid)
{
- FIXME("stub\n");
+ TRACE("%p %p\n", pTrustee, pSid);
- *AccessStatus = TRUE;
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_SID;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = (LPSTR) pSid;
+}
- return !*AccessStatus;
+
+/******************************************************************************
+ * BuildTrusteeWithSidW [ADVAPI32.@]
+ */
+VOID WINAPI
+BuildTrusteeWithSidW(PTRUSTEE_W pTrustee,
+ PSID pSid)
+{
+ TRACE("%p %p\n", pTrustee, pSid);
+
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_SID;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = (LPWSTR) pSid;
}
-/*
- * @implemented
+/******************************************************************************
+ * BuildTrusteeWithNameA [ADVAPI32.@]
*/
-BOOL
-WINAPI
-AddAuditAccessAce(PACL pAcl,
- DWORD dwAceRevision,
- DWORD dwAccessMask,
- PSID pSid,
- BOOL bAuditSuccess,
- BOOL bAuditFailure)
+VOID WINAPI
+BuildTrusteeWithNameA(PTRUSTEE_A pTrustee,
+ LPSTR name)
{
- NTSTATUS Status;
+ TRACE("%p %s\n", pTrustee, name);
- Status = RtlAddAuditAccessAce(pAcl,
- dwAceRevision,
- dwAccessMask,
- pSid,
- bAuditSuccess,
- bAuditFailure);
- if (!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = name;
+}
- return TRUE;
+/******************************************************************************
+ * BuildTrusteeWithNameW [ADVAPI32.@]
+ */
+VOID WINAPI
+BuildTrusteeWithNameW(PTRUSTEE_W pTrustee,
+ LPWSTR name)
+{
+ TRACE("%p %s\n", pTrustee, name);
+
+ pTrustee->pMultipleTrustee = NULL;
+ pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
+ pTrustee->TrusteeForm = TRUSTEE_IS_NAME;
+ pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN;
+ pTrustee->ptstrName = name;
}
-/*
- * @implemented
+/******************************************************************************
+ * GetTrusteeFormW [ADVAPI32.@]
*/
-BOOL WINAPI
-AddAuditAccessAceEx(PACL pAcl,
- DWORD dwAceRevision,
- DWORD AceFlags,
- DWORD dwAccessMask,
- PSID pSid,
- BOOL bAuditSuccess,
- BOOL bAuditFailure)
+TRUSTEE_FORM WINAPI
+GetTrusteeFormA(PTRUSTEE_A pTrustee)
{
- NTSTATUS Status;
+ return pTrustee->TrusteeForm;
+}
- Status = RtlAddAuditAccessAceEx(pAcl,
- dwAceRevision,
- AceFlags,
- dwAccessMask,
- pSid,
- bAuditSuccess,
- bAuditFailure);
- if (!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
- return TRUE;
+/******************************************************************************
+ * GetTrusteeFormW [ADVAPI32.@]
+ */
+TRUSTEE_FORM WINAPI
+GetTrusteeFormW(PTRUSTEE_W pTrustee)
+{
+ return pTrustee->TrusteeForm;
}
-/**********************************************************************
- * PrivilegeCheck EXPORTED
- *
- * @implemented
+/******************************************************************************
+ * GetTrusteeNameA [ADVAPI32.@]
*/
-BOOL WINAPI
-PrivilegeCheck(HANDLE ClientToken,
- PPRIVILEGE_SET RequiredPrivileges,
- LPBOOL pfResult)
+LPSTR WINAPI
+GetTrusteeNameA(PTRUSTEE_A pTrustee)
{
- BOOLEAN Result;
- NTSTATUS Status;
+ return pTrustee->ptstrName;
+}
- Status = NtPrivilegeCheck(ClientToken,
- RequiredPrivileges,
- &Result);
- if (!NT_SUCCESS(Status))
- {
- SetLastError(RtlNtStatusToDosError(Status));
- return FALSE;
- }
- *pfResult = (BOOL)Result;
+/******************************************************************************
+ * GetTrusteeNameW [ADVAPI32.@]
+ */
+LPWSTR WINAPI
+GetTrusteeNameW(PTRUSTEE_W pTrustee)
+{
+ return pTrustee->ptstrName;
+}
- return TRUE;
+/******************************************************************************
+ * GetTrusteeTypeA [ADVAPI32.@]
+ */
+TRUSTEE_TYPE WINAPI
+GetTrusteeTypeA(PTRUSTEE_A pTrustee)
+{
+ return pTrustee->TrusteeType;
+}
+
+/******************************************************************************
+ * GetTrusteeTypeW [ADVAPI32.@]
+ */
+TRUSTEE_TYPE WINAPI
+GetTrusteeTypeW(PTRUSTEE_W pTrustee)
+{
+ return pTrustee->TrusteeType;
}
/*
return TRUE;
}
+/**********************************************************************
+ * SetNamedSecurityInfoA EXPORTED
+ *
+ * @implemented
+ */
+DWORD
+WINAPI
+SetNamedSecurityInfoA(LPSTR pObjectName,
+ SE_OBJECT_TYPE ObjectType,
+ SECURITY_INFORMATION SecurityInfo,
+ PSID psidOwner,
+ PSID psidGroup,
+ PACL pDacl,
+ PACL pSacl)
+{
+ UNICODE_STRING ObjectName;
+ DWORD Ret;
+
+ if (!RtlCreateUnicodeStringFromAsciiz(&ObjectName, pObjectName))
+ {
+ return ERROR_NOT_ENOUGH_MEMORY;
+ }
+
+ Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
+ ObjectType,
+ SecurityInfo,
+ psidOwner,
+ psidGroup,
+ pDacl,
+ pSacl);
+
+ RtlFreeUnicodeString(&ObjectName);
+
+ return Ret;
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+AreAllAccessesGranted(DWORD GrantedAccess,
+ DWORD DesiredAccess)
+{
+ return (BOOL)RtlAreAllAccessesGranted(GrantedAccess,
+ DesiredAccess);
+}
+
+/*
+ * @implemented
+ */
+BOOL
+WINAPI
+AreAnyAccessesGranted(DWORD GrantedAccess,
+ DWORD DesiredAccess)
+{
+ return (BOOL)RtlAreAnyAccessesGranted(GrantedAccess,
+ DesiredAccess);
+}
+
/******************************************************************************
* ParseAclStringFlags
*/
LPCWSTR szAcl = *StringAcl;
const ACEFLAG *lpaf = AceType;
+ while (*szAcl == ' ')
+ szAcl++;
+
while (lpaf->wstr &&
(len = strlenW(lpaf->wstr)) &&
strncmpW(lpaf->wstr, szAcl, len))
if (!lpaf->wstr)
return 0;
- *StringAcl += len;
+ *StringAcl = szAcl + len;
return lpaf->value;
}
BYTE flags = 0;
LPCWSTR szAcl = *StringAcl;
+ while (*szAcl == ' ')
+ szAcl++;
+
while (*szAcl != ';')
{
const ACEFLAG *lpaf = AceFlags;
if (!lpaf->wstr)
return 0;
- flags |= lpaf->value;
+ flags |= lpaf->value;
szAcl += len;
}
/******************************************************************************
* ParseAceStringRights
*/
+static const ACEFLAG AceRights[] =
+{
+ { SDDL_GENERIC_ALL, GENERIC_ALL },
+ { SDDL_GENERIC_READ, GENERIC_READ },
+ { SDDL_GENERIC_WRITE, GENERIC_WRITE },
+ { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE },
+
+ { SDDL_READ_CONTROL, READ_CONTROL },
+ { SDDL_STANDARD_DELETE, DELETE },
+ { SDDL_WRITE_DAC, WRITE_DAC },
+ { SDDL_WRITE_OWNER, WRITE_OWNER },
+
+ { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP},
+ { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP},
+ { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD},
+ { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD},
+ { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST},
+ { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF},
+ { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT},
+ { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE},
+ { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS},
+
+ { SDDL_FILE_ALL, FILE_ALL_ACCESS },
+ { SDDL_FILE_READ, FILE_GENERIC_READ },
+ { SDDL_FILE_WRITE, FILE_GENERIC_WRITE },
+ { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE },
+
+ { SDDL_KEY_ALL, KEY_ALL_ACCESS },
+ { SDDL_KEY_READ, KEY_READ },
+ { SDDL_KEY_WRITE, KEY_WRITE },
+ { SDDL_KEY_EXECUTE, KEY_EXECUTE },
+ { NULL, 0 },
+};
+
static DWORD ParseAceStringRights(LPCWSTR* StringAcl)
{
UINT len = 0;
DWORD rights = 0;
LPCWSTR szAcl = *StringAcl;
+ while (*szAcl == ' ')
+ szAcl++;
+
if ((*szAcl == '0') && (*(szAcl + 1) == 'x'))
{
LPCWSTR p = szAcl;
- while (*p && *p != ';')
+ while (*p && *p != ';')
p++;
- if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
- {
- rights = strtoulW(szAcl, NULL, 16);
- szAcl = p;
- }
- else
+ if (p - szAcl <= 10 /* 8 hex digits + "0x" */ )
+ {
+ rights = strtoulW(szAcl, NULL, 16);
+ szAcl = p;
+ }
+ else
WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl));
}
else
const ACEFLAG *lpaf = AceRights;
while (lpaf->wstr &&
- (len = strlenW(lpaf->wstr)) &&
- strncmpW(lpaf->wstr, szAcl, len))
- {
- lpaf++;
- }
+ (len = strlenW(lpaf->wstr)) &&
+ strncmpW(lpaf->wstr, szAcl, len))
+ {
+ lpaf++;
+ }
if (!lpaf->wstr)
return 0;
- rights |= lpaf->value;
+ rights |= lpaf->value;
szAcl += len;
}
}
*
* dacl_flags(string_ace1)(string_ace2)... (string_acen)
*/
-static BOOL
-ParseStringAclToAcl(LPCWSTR StringAcl,
- LPDWORD lpdwFlags,
- PACL pAcl,
- LPDWORD cBytes)
+static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags,
+ PACL pAcl, LPDWORD cBytes)
{
DWORD val;
DWORD sidlen;
DWORD acesize = 0;
DWORD acecount = 0;
PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */
+ DWORD error = ERROR_INVALID_ACL;
TRACE("%s\n", debugstr_w(StringAcl));
if (!StringAcl)
- return FALSE;
+ return FALSE;
if (pAcl) /* pAce is only useful if we're setting values */
pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1);
/* Parse ACE type */
val = ParseAceStringType(&StringAcl);
- if (pAce)
+ if (pAce)
pAce->Header.AceType = (BYTE) val;
if (*StringAcl != ';')
+ {
+ error = RPC_S_INVALID_STRING_UUID;
goto lerr;
+ }
StringAcl++;
/* Parse ACE flags */
- val = ParseAceStringFlags(&StringAcl);
- if (pAce)
+ val = ParseAceStringFlags(&StringAcl);
+ if (pAce)
pAce->Header.AceFlags = (BYTE) val;
if (*StringAcl != ';')
goto lerr;
StringAcl++;
/* Parse ACE rights */
- val = ParseAceStringRights(&StringAcl);
- if (pAce)
+ val = ParseAceStringRights(&StringAcl);
+ if (pAce)
pAce->Mask = val;
if (*StringAcl != ';')
goto lerr;
StringAcl++;
/* Parse ACE object guid */
+ while (*StringAcl == ' ')
+ StringAcl++;
if (*StringAcl != ';')
{
FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
StringAcl++;
/* Parse ACE inherit object guid */
+ while (*StringAcl == ' ')
+ StringAcl++;
if (*StringAcl != ';')
{
FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n");
/* Parse ACE account sid */
if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen))
- {
+ {
while (*StringAcl && *StringAcl != ')')
StringAcl++;
- }
+ }
if (*StringAcl != ')')
goto lerr;
return TRUE;
lerr:
- SetLastError(ERROR_INVALID_ACL);
+ SetLastError(error);
WARN("Invalid ACE string format\n");
return FALSE;
}
/******************************************************************************
* ParseStringSecurityDescriptorToSecurityDescriptor
*/
-static BOOL
-ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor,
- SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
- LPDWORD cBytes)
+static BOOL ParseStringSecurityDescriptorToSecurityDescriptor(
+ LPCWSTR StringSecurityDescriptor,
+ SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor,
+ LPDWORD cBytes)
{
BOOL bret = FALSE;
WCHAR toktype;
if (SecurityDescriptor)
lpNext = (LPBYTE)(SecurityDescriptor + 1);
+ while (*StringSecurityDescriptor == ' ')
+ StringSecurityDescriptor++;
+
while (*StringSecurityDescriptor)
{
toktype = *StringSecurityDescriptor;
- /* Expect char identifier followed by ':' */
- StringSecurityDescriptor++;
+ /* Expect char identifier followed by ':' */
+ StringSecurityDescriptor++;
if (*StringSecurityDescriptor != ':')
{
SetLastError(ERROR_INVALID_PARAMETER);
goto lend;
}
- StringSecurityDescriptor++;
+ StringSecurityDescriptor++;
- /* Extract token */
- lptoken = StringSecurityDescriptor;
- while (*lptoken && *lptoken != ':')
+ /* Extract token */
+ lptoken = StringSecurityDescriptor;
+ while (*lptoken && *lptoken != ':')
lptoken++;
- if (*lptoken)
+ if (*lptoken)
lptoken--;
len = lptoken - StringSecurityDescriptor;
tok[len] = 0;
switch (toktype)
- {
+ {
case 'O':
{
DWORD bytes;
lpNext += bytes; /* Advance to next token */
}
- *cBytes += bytes;
+ *cBytes += bytes;
break;
}
lpNext += bytes; /* Advance to next token */
}
- *cBytes += bytes;
+ *cBytes += bytes;
break;
}
case 'D':
- {
+ {
DWORD flags;
DWORD bytes;
SecurityDescriptor->Control |= SE_DACL_PRESENT | flags;
SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor;
lpNext += bytes; /* Advance to next token */
- }
+ }
- *cBytes += bytes;
+ *cBytes += bytes;
- break;
+ break;
}
case 'S':
SecurityDescriptor->Control |= SE_SACL_PRESENT | flags;
SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor;
lpNext += bytes; /* Advance to next token */
- }
+ }
- *cBytes += bytes;
+ *cBytes += bytes;
- break;
+ break;
}
default:
FIXME("Unknown token\n");
SetLastError(ERROR_INVALID_PARAMETER);
- goto lend;
- }
+ goto lend;
+ }
StringSecurityDescriptor = lptoken;
}
return TRUE;
}
+/*
+ * @unimplemented
+ */
+BOOL WINAPI
+CreateProcessWithLogonW(LPCWSTR lpUsername,
+ LPCWSTR lpDomain,
+ LPCWSTR lpPassword,
+ DWORD dwLogonFlags,
+ LPCWSTR lpApplicationName,
+ LPWSTR lpCommandLine,
+ DWORD dwCreationFlags,
+ LPVOID lpEnvironment,
+ LPCWSTR lpCurrentDirectory,
+ LPSTARTUPINFOW lpStartupInfo,
+ LPPROCESS_INFORMATION lpProcessInformation)
+{
+ FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
+ debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
+ debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
+ lpStartupInfo, lpProcessInformation);
+
+ return FALSE;
+}
+
BOOL
WINAPI
CreateProcessWithTokenW(IN HANDLE hToken,
for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2))
return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
+
+ for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
+ if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
+ {
+ MAX_SID local;
+ ADVAPI_GetComputerSid(&local);
+ return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1);
+ }
+
}
return GetSidLengthRequired(0);
*cBytes = ComputeStringSidSize(StringSid);
if (!pisid) /* Simply compute the size */
{
- TRACE("only size requested, returning TRUE\n");
+ TRACE("only size requested, returning TRUE with %d\n", *cBytes);
return TRUE;
}
bret = TRUE;
}
+ for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
+ if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2))
+ {
+ ADVAPI_GetComputerSid(pisid);
+ pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid;
+ pisid->SubAuthorityCount++;
+ bret = TRUE;
+ }
+
if (!bret)
FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2));
}
return bret;
}
+/**********************************************************************
+ * GetNamedSecurityInfoA EXPORTED
+ *
+ * @implemented
+ */
+DWORD
+WINAPI
+GetNamedSecurityInfoA(LPSTR pObjectName,
+ SE_OBJECT_TYPE ObjectType,
+ SECURITY_INFORMATION SecurityInfo,
+ PSID *ppsidOwner,
+ PSID *ppsidGroup,
+ PACL *ppDacl,
+ PACL *ppSacl,
+ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
+{
+ DWORD len;
+ LPWSTR wstr = NULL;
+ DWORD r;
+
+ TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo,
+ ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor);
+
+ if( pObjectName )
+ {
+ len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 );
+ wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR));
+ MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len );
+ }
+
+ r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner,
+ ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor );
+
+ HeapFree( GetProcessHeap(), 0, wstr );
+
+ return r;
+}
+
/*
* @unimplemented
*/