X-Git-Url: https://git.reactos.org/?p=reactos.git;a=blobdiff_plain;f=reactos%2Fdll%2Fwin32%2Fadvapi32%2Fwine%2Fsecurity.c;h=87afe5fd5009124fb9ff07e0677ebab6d2afc221;hp=6456cf3eed1073a648e903a30e36f7a9f4620484;hb=b10d8f468677503795bd73171a7a9b6f56a4723f;hpb=21ef917d3f24a51885518cfae55012f1c3f3f3be diff --git a/reactos/dll/win32/advapi32/wine/security.c b/reactos/dll/win32/advapi32/wine/security.c index 6456cf3eed1..87afe5fd500 100644 --- a/reactos/dll/win32/advapi32/wine/security.c +++ b/reactos/dll/win32/advapi32/wine/security.c @@ -115,26 +115,28 @@ static const WELLKNOWNSID WellKnownSids[] = { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } }, }; +/* these SIDs must be constructed as relative to some domain - only the RID is well-known */ typedef struct WELLKNOWNRID { + WCHAR wstr[2]; WELL_KNOWN_SID_TYPE Type; DWORD Rid; } WELLKNOWNRID; static const WELLKNOWNRID WellKnownRids[] = { - { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN }, - { WinAccountGuestSid, DOMAIN_USER_RID_GUEST }, - { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT }, - { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS }, - { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS }, - { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS }, - { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS }, - { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS }, - { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS }, - { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS }, - { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS }, - { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS }, - { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS }, + { {'L','A'}, WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN }, + { {'L','G'}, WinAccountGuestSid, DOMAIN_USER_RID_GUEST }, + { {0,0}, WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT }, + { {0,0}, WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS }, + { {0,0}, WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS }, + { {0,0}, WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS }, + { {0,0}, WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS }, + { {0,0}, WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS }, + { {0,0}, WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS }, + { {0,0}, WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS }, + { {0,0}, WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS }, + { {0,0}, WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS }, + { {0,0}, WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS }, }; static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }; @@ -226,40 +228,6 @@ static const char * debugstr_sid(PSID sid) return "(too-big)"; } -static const ACEFLAG AceRights[] = -{ - { SDDL_GENERIC_ALL, GENERIC_ALL }, - { SDDL_GENERIC_READ, GENERIC_READ }, - { SDDL_GENERIC_WRITE, GENERIC_WRITE }, - { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE }, - - { SDDL_READ_CONTROL, READ_CONTROL }, - { SDDL_STANDARD_DELETE, DELETE }, - { SDDL_WRITE_DAC, WRITE_DAC }, - { SDDL_WRITE_OWNER, WRITE_OWNER }, - - { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP}, - { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP}, - { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD}, - { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD}, - { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST}, - { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF}, - { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT}, - { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE}, - { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS}, - - { SDDL_FILE_ALL, FILE_ALL_ACCESS }, - { SDDL_FILE_READ, FILE_GENERIC_READ }, - { SDDL_FILE_WRITE, FILE_GENERIC_WRITE }, - { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE }, - - { SDDL_KEY_ALL, KEY_ALL_ACCESS }, - { SDDL_KEY_READ, KEY_READ }, - { SDDL_KEY_WRITE, KEY_WRITE }, - { SDDL_KEY_EXECUTE, KEY_EXECUTE }, - { NULL, 0 }, -}; - /* set last error code from NT status and get the proper boolean return value */ /* used for functions that are a simple wrapper around the corresponding ntdll API */ static __inline BOOL set_ntstatus( NTSTATUS status ) @@ -325,16 +293,34 @@ BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName) if (!ServerName || !ServerName[0]) return TRUE; - buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR)); + buf = heap_alloc(dwSize * sizeof(WCHAR)); Result = GetComputerNameW(buf, &dwSize); if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\')) ServerName += 2; Result = Result && !lstrcmpW(ServerName, buf); - HeapFree(GetProcessHeap(), 0, buf); + heap_free(buf); return Result; } +/************************************************************ + * ADVAPI_GetComputerSid + */ +BOOL ADVAPI_GetComputerSid(PSID sid) +{ + static const struct /* same fields as struct SID */ + { + BYTE Revision; + BYTE SubAuthorityCount; + SID_IDENTIFIER_AUTHORITY IdentifierAuthority; + DWORD SubAuthority[4]; + } computer_sid = + { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } }; + + memcpy( sid, &computer_sid, sizeof(computer_sid) ); + return TRUE; +} + /* Exported functions */ /* @@ -364,28 +350,29 @@ OpenProcessToken(HANDLE ProcessHandle, return TRUE; } -/* - * @implemented +/****************************************************************************** + * OpenThreadToken [ADVAPI32.@] + * + * Opens the access token associated with a thread handle. + * + * PARAMS + * ThreadHandle [I] Handle to process + * DesiredAccess [I] Desired access to the thread + * OpenAsSelf [I] ??? + * TokenHandle [O] Destination for the token handle + * + * RETURNS + * Success: TRUE. TokenHandle contains the access token. + * Failure: FALSE. + * + * NOTES + * See NtOpenThreadToken. */ BOOL WINAPI -OpenThreadToken(HANDLE ThreadHandle, - DWORD DesiredAccess, - BOOL OpenAsSelf, - PHANDLE TokenHandle) +OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess, + BOOL OpenAsSelf, HANDLE *TokenHandle) { - NTSTATUS Status; - - Status = NtOpenThreadToken(ThreadHandle, - DesiredAccess, - OpenAsSelf, - TokenHandle); - if (!NT_SUCCESS(Status)) - { - SetLastError(RtlNtStatusToDosError(Status)); - return FALSE; - } - - return TRUE; + return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle)); } /* @@ -528,57 +515,88 @@ SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, return TRUE; } -BOOL WINAPI -CreateRestrictedToken(HANDLE TokenHandle, - DWORD Flags, - DWORD DisableSidCount, - PSID_AND_ATTRIBUTES pSidAndAttributes, - DWORD DeletePrivilegeCount, - PLUID_AND_ATTRIBUTES pLUIDAndAttributes, - DWORD RestrictedSidCount, - PSID_AND_ATTRIBUTES pSIDAndAttributes, - PHANDLE NewTokenHandle) -{ - UNIMPLEMENTED; - return FALSE; -} +/************************************************************************* + * CreateRestrictedToken [ADVAPI32.@] + * + * Create a new more restricted token from an existing token. + * + * PARAMS + * baseToken [I] Token to base the new restricted token on + * flags [I] Options + * nDisableSids [I] Length of disableSids array + * disableSids [I] Array of SIDs to disable in the new token + * nDeletePrivs [I] Length of deletePrivs array + * deletePrivs [I] Array of privileges to delete in the new token + * nRestrictSids [I] Length of restrictSids array + * restrictSids [I] Array of SIDs to restrict in the new token + * newToken [O] Address where the new token is stored + * + * RETURNS + * Success: TRUE + * Failure: FALSE + */ +BOOL WINAPI CreateRestrictedToken( + HANDLE baseToken, + DWORD flags, + DWORD nDisableSids, + PSID_AND_ATTRIBUTES disableSids, + DWORD nDeletePrivs, + PLUID_AND_ATTRIBUTES deletePrivs, + DWORD nRestrictSids, + PSID_AND_ATTRIBUTES restrictSids, + PHANDLE newToken) +{ + TOKEN_TYPE type; + SECURITY_IMPERSONATION_LEVEL level = TokenImpersonationLevel; + DWORD size; -/* - * @implemented - */ -BOOL WINAPI -AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, - BYTE nSubAuthorityCount, - DWORD dwSubAuthority0, - DWORD dwSubAuthority1, - DWORD dwSubAuthority2, - DWORD dwSubAuthority3, - DWORD dwSubAuthority4, - DWORD dwSubAuthority5, - DWORD dwSubAuthority6, - DWORD dwSubAuthority7, - PSID *pSid) -{ - NTSTATUS Status; + FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n", + baseToken, flags, nDisableSids, disableSids, + nDeletePrivs, deletePrivs, + nRestrictSids, restrictSids, + newToken); - Status = RtlAllocateAndInitializeSid(pIdentifierAuthority, - nSubAuthorityCount, - dwSubAuthority0, - dwSubAuthority1, - dwSubAuthority2, - dwSubAuthority3, - dwSubAuthority4, - dwSubAuthority5, - dwSubAuthority6, - dwSubAuthority7, - pSid); - if (!NT_SUCCESS(Status)) + size = sizeof(type); + if (!GetTokenInformation( baseToken, TokenType, &type, size, &size )) return FALSE; + if (type == TokenImpersonation) { - SetLastError(RtlNtStatusToDosError(Status)); - return FALSE; + size = sizeof(level); + if (!GetTokenInformation( baseToken, TokenImpersonationLevel, &level, size, &size )) + return FALSE; } + return DuplicateTokenEx( baseToken, MAXIMUM_ALLOWED, NULL, level, type, newToken ); +} - return TRUE; +/****************************************************************************** + * AllocateAndInitializeSid [ADVAPI32.@] + * + * PARAMS + * pIdentifierAuthority [] + * nSubAuthorityCount [] + * nSubAuthority0 [] + * nSubAuthority1 [] + * nSubAuthority2 [] + * nSubAuthority3 [] + * nSubAuthority4 [] + * nSubAuthority5 [] + * nSubAuthority6 [] + * nSubAuthority7 [] + * pSid [] + */ +BOOL WINAPI +AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, + BYTE nSubAuthorityCount, + DWORD nSubAuthority0, DWORD nSubAuthority1, + DWORD nSubAuthority2, DWORD nSubAuthority3, + DWORD nSubAuthority4, DWORD nSubAuthority5, + DWORD nSubAuthority6, DWORD nSubAuthority7, + PSID *pSid ) +{ + return set_ntstatus( RtlAllocateAndInitializeSid( + pIdentifierAuthority, nSubAuthorityCount, + nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3, + nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7, + pSid )); } /* @@ -595,26 +613,18 @@ FreeSid(PSID pSid) return RtlFreeSid(pSid); } -/* - * @implemented +/****************************************************************************** + * CopySid [ADVAPI32.@] + * + * PARAMS + * nDestinationSidLength [] + * pDestinationSid [] + * pSourceSid [] */ BOOL WINAPI -CopySid(DWORD nDestinationSidLength, - PSID pDestinationSid, - PSID pSourceSid) +CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid ) { - NTSTATUS Status; - - Status = RtlCopySid(nDestinationSidLength, - pDestinationSid, - pSourceSid); - if (!NT_SUCCESS (Status)) - { - SetLastError(RtlNtStatusToDosError(Status)); - return FALSE; - } - - return TRUE; + return set_ntstatus(RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid)); } /* @@ -828,19 +838,13 @@ GetLengthSid(PSID pSid) */ BOOL WINAPI -GetKernelObjectSecurity(HANDLE Handle, - SECURITY_INFORMATION RequestedInformation, - PSECURITY_DESCRIPTOR pSecurityDescriptor, - DWORD nLength, - LPDWORD lpnLengthNeeded) +InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, + DWORD dwRevision) { NTSTATUS Status; - Status = NtQuerySecurityObject(Handle, - RequestedInformation, - pSecurityDescriptor, - nLength, - lpnLengthNeeded); + Status = RtlCreateSecurityDescriptor(pSecurityDescriptor, + dwRevision); if (!NT_SUCCESS(Status)) { SetLastError(RtlNtStatusToDosError(Status)); @@ -855,15 +859,31 @@ GetKernelObjectSecurity(HANDLE Handle, */ BOOL WINAPI -InitializeAcl(PACL pAcl, - DWORD nAclLength, - DWORD dwAclRevision) +MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, + PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, + LPDWORD lpdwAbsoluteSecurityDescriptorSize, + PACL pDacl, + LPDWORD lpdwDaclSize, + PACL pSacl, + LPDWORD lpdwSaclSize, + PSID pOwner, + LPDWORD lpdwOwnerSize, + PSID pPrimaryGroup, + LPDWORD lpdwPrimaryGroupSize) { NTSTATUS Status; - Status = RtlCreateAcl(pAcl, - nAclLength, - dwAclRevision); + Status = RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor, + pAbsoluteSecurityDescriptor, + lpdwAbsoluteSecurityDescriptorSize, + pDacl, + lpdwDaclSize, + pSacl, + lpdwSaclSize, + pOwner, + lpdwOwnerSize, + pPrimaryGroup, + lpdwPrimaryGroupSize); if (!NT_SUCCESS(Status)) { SetLastError(RtlNtStatusToDosError(Status)); @@ -873,30 +893,37 @@ InitializeAcl(PACL pAcl, return TRUE; } -/********************************************************************** - * ImpersonateNamedPipeClient EXPORTED - * +/****************************************************************************** + * GetKernelObjectSecurity [ADVAPI32.@] + */ +BOOL WINAPI GetKernelObjectSecurity( + HANDLE Handle, + SECURITY_INFORMATION RequestedInformation, + PSECURITY_DESCRIPTOR pSecurityDescriptor, + DWORD nLength, + LPDWORD lpnLengthNeeded ) +{ + TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation, + pSecurityDescriptor, nLength, lpnLengthNeeded); + + return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor, + nLength, lpnLengthNeeded )); +} + +/* * @implemented */ BOOL WINAPI -ImpersonateNamedPipeClient(HANDLE hNamedPipe) +InitializeAcl(PACL pAcl, + DWORD nAclLength, + DWORD dwAclRevision) { - IO_STATUS_BLOCK StatusBlock; NTSTATUS Status; - TRACE("ImpersonateNamedPipeClient() called\n"); - - Status = NtFsControlFile(hNamedPipe, - NULL, - NULL, - NULL, - &StatusBlock, - FSCTL_PIPE_IMPERSONATE, - NULL, - 0, - NULL, - 0); + Status = RtlCreateAcl(pAcl, + nAclLength, + dwAclRevision); if (!NT_SUCCESS(Status)) { SetLastError(RtlNtStatusToDosError(Status)); @@ -906,6 +933,16 @@ ImpersonateNamedPipeClient(HANDLE hNamedPipe) return TRUE; } +BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe ) +{ + IO_STATUS_BLOCK io_block; + + TRACE("(%p)\n", hNamedPipe); + + return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, + &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) ); +} + /* * @implemented */ @@ -1035,25 +1072,12 @@ AddAce(PACL pAcl, return TRUE; } -/* - * @implemented +/****************************************************************************** + * DeleteAce [ADVAPI32.@] */ -BOOL -WINAPI -DeleteAce(PACL pAcl, - DWORD dwAceIndex) +BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex) { - NTSTATUS Status; - - Status = RtlDeleteAce(pAcl, - dwAceIndex); - if (!NT_SUCCESS(Status)) - { - SetLastError(RtlNtStatusToDosError(Status)); - return FALSE; - } - - return TRUE; + return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex)); } /* @@ -1068,28 +1092,12 @@ FindFirstFreeAce(PACL pAcl, (PACE*)pAce); } - -/* - * @implemented +/****************************************************************************** + * GetAce [ADVAPI32.@] */ -BOOL -WINAPI -GetAce(PACL pAcl, - DWORD dwAceIndex, - LPVOID *pAce) +BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce ) { - NTSTATUS Status; - - Status = RtlGetAce(pAcl, - dwAceIndex, - pAce); - if (!NT_SUCCESS(Status)) - { - SetLastError(RtlNtStatusToDosError(Status)); - return FALSE; - } - - return TRUE; + return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce)); } /* @@ -2284,6 +2292,9 @@ static BYTE ParseAceStringType(LPCWSTR* StringAcl) LPCWSTR szAcl = *StringAcl; const ACEFLAG *lpaf = AceType; + while (*szAcl == ' ') + szAcl++; + while (lpaf->wstr && (len = strlenW(lpaf->wstr)) && strncmpW(lpaf->wstr, szAcl, len)) @@ -2292,7 +2303,7 @@ static BYTE ParseAceStringType(LPCWSTR* StringAcl) if (!lpaf->wstr) return 0; - *StringAcl += len; + *StringAcl = szAcl + len; return lpaf->value; } @@ -2318,6 +2329,9 @@ static BYTE ParseAceStringFlags(LPCWSTR* StringAcl) BYTE flags = 0; LPCWSTR szAcl = *StringAcl; + while (*szAcl == ' ') + szAcl++; + while (*szAcl != ';') { const ACEFLAG *lpaf = AceFlags; @@ -2330,7 +2344,7 @@ static BYTE ParseAceStringFlags(LPCWSTR* StringAcl) if (!lpaf->wstr) return 0; - flags |= lpaf->value; + flags |= lpaf->value; szAcl += len; } @@ -2342,25 +2356,62 @@ static BYTE ParseAceStringFlags(LPCWSTR* StringAcl) /****************************************************************************** * ParseAceStringRights */ +static const ACEFLAG AceRights[] = +{ + { SDDL_GENERIC_ALL, GENERIC_ALL }, + { SDDL_GENERIC_READ, GENERIC_READ }, + { SDDL_GENERIC_WRITE, GENERIC_WRITE }, + { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE }, + + { SDDL_READ_CONTROL, READ_CONTROL }, + { SDDL_STANDARD_DELETE, DELETE }, + { SDDL_WRITE_DAC, WRITE_DAC }, + { SDDL_WRITE_OWNER, WRITE_OWNER }, + + { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP}, + { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP}, + { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD}, + { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD}, + { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST}, + { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF}, + { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT}, + { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE}, + { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS}, + + { SDDL_FILE_ALL, FILE_ALL_ACCESS }, + { SDDL_FILE_READ, FILE_GENERIC_READ }, + { SDDL_FILE_WRITE, FILE_GENERIC_WRITE }, + { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE }, + + { SDDL_KEY_ALL, KEY_ALL_ACCESS }, + { SDDL_KEY_READ, KEY_READ }, + { SDDL_KEY_WRITE, KEY_WRITE }, + { SDDL_KEY_EXECUTE, KEY_EXECUTE }, + { NULL, 0 }, +}; + static DWORD ParseAceStringRights(LPCWSTR* StringAcl) { UINT len = 0; DWORD rights = 0; LPCWSTR szAcl = *StringAcl; + while (*szAcl == ' ') + szAcl++; + if ((*szAcl == '0') && (*(szAcl + 1) == 'x')) { LPCWSTR p = szAcl; - while (*p && *p != ';') + while (*p && *p != ';') p++; - if (p - szAcl <= 10 /* 8 hex digits + "0x" */ ) - { - rights = strtoulW(szAcl, NULL, 16); - szAcl = p; - } - else + if (p - szAcl <= 10 /* 8 hex digits + "0x" */ ) + { + rights = strtoulW(szAcl, NULL, 16); + szAcl = p; + } + else WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl)); } else @@ -2370,16 +2421,16 @@ static DWORD ParseAceStringRights(LPCWSTR* StringAcl) const ACEFLAG *lpaf = AceRights; while (lpaf->wstr && - (len = strlenW(lpaf->wstr)) && - strncmpW(lpaf->wstr, szAcl, len)) - { - lpaf++; - } + (len = strlenW(lpaf->wstr)) && + strncmpW(lpaf->wstr, szAcl, len)) + { + lpaf++; + } if (!lpaf->wstr) return 0; - rights |= lpaf->value; + rights |= lpaf->value; szAcl += len; } } @@ -2394,11 +2445,8 @@ static DWORD ParseAceStringRights(LPCWSTR* StringAcl) * * dacl_flags(string_ace1)(string_ace2)... (string_acen) */ -static BOOL -ParseStringAclToAcl(LPCWSTR StringAcl, - LPDWORD lpdwFlags, - PACL pAcl, - LPDWORD cBytes) +static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, + PACL pAcl, LPDWORD cBytes) { DWORD val; DWORD sidlen; @@ -2406,11 +2454,12 @@ ParseStringAclToAcl(LPCWSTR StringAcl, DWORD acesize = 0; DWORD acecount = 0; PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */ + DWORD error = ERROR_INVALID_ACL; TRACE("%s\n", debugstr_w(StringAcl)); if (!StringAcl) - return FALSE; + return FALSE; if (pAcl) /* pAce is only useful if we're setting values */ pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1); @@ -2425,29 +2474,34 @@ ParseStringAclToAcl(LPCWSTR StringAcl, /* Parse ACE type */ val = ParseAceStringType(&StringAcl); - if (pAce) + if (pAce) pAce->Header.AceType = (BYTE) val; if (*StringAcl != ';') + { + error = RPC_S_INVALID_STRING_UUID; goto lerr; + } StringAcl++; /* Parse ACE flags */ - val = ParseAceStringFlags(&StringAcl); - if (pAce) + val = ParseAceStringFlags(&StringAcl); + if (pAce) pAce->Header.AceFlags = (BYTE) val; if (*StringAcl != ';') goto lerr; StringAcl++; /* Parse ACE rights */ - val = ParseAceStringRights(&StringAcl); - if (pAce) + val = ParseAceStringRights(&StringAcl); + if (pAce) pAce->Mask = val; if (*StringAcl != ';') goto lerr; StringAcl++; /* Parse ACE object guid */ + while (*StringAcl == ' ') + StringAcl++; if (*StringAcl != ';') { FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n"); @@ -2456,6 +2510,8 @@ ParseStringAclToAcl(LPCWSTR StringAcl, StringAcl++; /* Parse ACE inherit object guid */ + while (*StringAcl == ' ') + StringAcl++; if (*StringAcl != ';') { FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n"); @@ -2465,10 +2521,10 @@ ParseStringAclToAcl(LPCWSTR StringAcl, /* Parse ACE account sid */ if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen)) - { + { while (*StringAcl && *StringAcl != ')') StringAcl++; - } + } if (*StringAcl != ')') goto lerr; @@ -2503,7 +2559,7 @@ ParseStringAclToAcl(LPCWSTR StringAcl, return TRUE; lerr: - SetLastError(ERROR_INVALID_ACL); + SetLastError(error); WARN("Invalid ACE string format\n"); return FALSE; } @@ -2512,10 +2568,10 @@ lerr: /****************************************************************************** * ParseStringSecurityDescriptorToSecurityDescriptor */ -static BOOL -ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescriptor, - SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor, - LPDWORD cBytes) +static BOOL ParseStringSecurityDescriptorToSecurityDescriptor( + LPCWSTR StringSecurityDescriptor, + SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor, + LPDWORD cBytes) { BOOL bret = FALSE; WCHAR toktype; @@ -2529,25 +2585,28 @@ ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescript if (SecurityDescriptor) lpNext = (LPBYTE)(SecurityDescriptor + 1); + while (*StringSecurityDescriptor == ' ') + StringSecurityDescriptor++; + while (*StringSecurityDescriptor) { toktype = *StringSecurityDescriptor; - /* Expect char identifier followed by ':' */ - StringSecurityDescriptor++; + /* Expect char identifier followed by ':' */ + StringSecurityDescriptor++; if (*StringSecurityDescriptor != ':') { SetLastError(ERROR_INVALID_PARAMETER); goto lend; } - StringSecurityDescriptor++; + StringSecurityDescriptor++; - /* Extract token */ - lptoken = StringSecurityDescriptor; - while (*lptoken && *lptoken != ':') + /* Extract token */ + lptoken = StringSecurityDescriptor; + while (*lptoken && *lptoken != ':') lptoken++; - if (*lptoken) + if (*lptoken) lptoken--; len = lptoken - StringSecurityDescriptor; @@ -2555,7 +2614,7 @@ ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescript tok[len] = 0; switch (toktype) - { + { case 'O': { DWORD bytes; @@ -2569,7 +2628,7 @@ ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescript lpNext += bytes; /* Advance to next token */ } - *cBytes += bytes; + *cBytes += bytes; break; } @@ -2587,13 +2646,13 @@ ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescript lpNext += bytes; /* Advance to next token */ } - *cBytes += bytes; + *cBytes += bytes; break; } case 'D': - { + { DWORD flags; DWORD bytes; @@ -2605,11 +2664,11 @@ ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescript SecurityDescriptor->Control |= SE_DACL_PRESENT | flags; SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor; lpNext += bytes; /* Advance to next token */ - } + } - *cBytes += bytes; + *cBytes += bytes; - break; + break; } case 'S': @@ -2625,18 +2684,18 @@ ParseStringSecurityDescriptorToSecurityDescriptor(LPCWSTR StringSecurityDescript SecurityDescriptor->Control |= SE_SACL_PRESENT | flags; SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor; lpNext += bytes; /* Advance to next token */ - } + } - *cBytes += bytes; + *cBytes += bytes; - break; + break; } default: FIXME("Unknown token\n"); SetLastError(ERROR_INVALID_PARAMETER); - goto lend; - } + goto lend; + } StringSecurityDescriptor = lptoken; } @@ -3553,6 +3612,15 @@ static DWORD ComputeStringSidSize(LPCWSTR StringSid) for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2)) return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount); + + for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++) + if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2)) + { + MAX_SID local; + ADVAPI_GetComputerSid(&local); + return GetSidLengthRequired(*GetSidSubAuthorityCount(&local) + 1); + } + } return GetSidLengthRequired(0); @@ -3580,7 +3648,7 @@ static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes) *cBytes = ComputeStringSidSize(StringSid); if (!pisid) /* Simply compute the size */ { - TRACE("only size requested, returning TRUE\n"); + TRACE("only size requested, returning TRUE with %d\n", *cBytes); return TRUE; } @@ -3659,6 +3727,15 @@ static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes) bret = TRUE; } + for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++) + if (!strncmpW(WellKnownRids[i].wstr, StringSid, 2)) + { + ADVAPI_GetComputerSid(pisid); + pisid->SubAuthority[pisid->SubAuthorityCount] = WellKnownRids[i].Rid; + pisid->SubAuthorityCount++; + bret = TRUE; + } + if (!bret) FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2)); }