wine/dlls/advapi32/security.c

Version: ~ [ wine-1.5.4 ] ~ [ wine-1.5.3 ] ~ [ wine-1.5.2 ] ~ [ wine-1.5.1 ] ~ [ wine-1.5.0 ] ~ [ wine-1.4 ] ~ [ wine-1.4-rc6 ] ~ [ wine-1.4-rc5 ] ~ [ wine-1.4-rc4 ] ~ [ wine-1.4-rc3 ] ~ [ wine-1.4-rc2 ] ~ [ wine-1.4-rc1 ] ~ [ wine-1.3.37 ] ~ [ wine-1.3.36 ] ~ [ wine-1.3.35 ] ~ [ wine-1.3.34 ] ~ [ wine-1.3.33 ] ~ [ wine-1.3.32 ] ~ [ wine-1.3.31 ] ~ [ wine-1.3.30 ] ~ [ wine-1.3.29 ] ~ [ wine-1.3.28 ] ~ [ wine-1.3.27 ] ~ [ wine-1.3.26 ] ~ [ wine-1.3.25 ] ~ [ wine-1.3.24 ] ~ [ wine-1.3.23 ] ~ [ wine-1.3.22 ] ~ [ wine-1.3.21 ] ~ [ wine-1.3.20 ] ~ [ wine-1.3.19 ] ~ [ wine-1.3.18 ] ~ [ wine-1.2.3 ] ~ [ wine-1.3.17 ] ~ [ wine-1.3.16 ] ~ [ wine-1.3.15 ] ~ [ wine-1.3.14 ] ~ [ wine-1.3.13 ] ~ [ wine-1.3.12 ] ~ [ wine-1.3.11 ] ~ [ wine-1.3.10 ] ~ [ wine-1.3.9 ] ~ [ wine-1.2.2 ] ~ [ wine-1.3.8 ] ~ [ wine-1.3.7 ] ~ [ wine-1.3.6 ] ~ [ wine-1.3.5 ] ~ [ wine-1.2.1 ] ~ [ wine-1.3.4 ] ~ [ wine-1.3.3 ] ~ [ wine-1.3.2 ] ~ [ wine-1.3.1 ] ~ [ wine-1.3.0 ] ~ [ wine-1.2 ] ~ [ wine-1.2-rc7 ] ~ [ wine-1.2-rc6 ] ~ [ wine-1.2-rc5 ] ~ [ wine-1.2-rc4 ] ~ [ wine-1.2-rc3 ] ~ [ wine-1.2-rc2 ] ~ [ wine-1.2-rc1 ] ~ [ wine-1.1.44 ] ~ [ wine-1.1.43 ] ~ [ wine-1.1.42 ] ~ [ wine-1.1.41 ] ~ [ wine-1.1.40 ] ~ [ wine-1.1.39 ] ~ [ wine-1.1.38 ] ~ [ wine-1.1.37 ] ~ [ wine-1.1.36 ] ~ [ wine-1.1.35 ] ~ [ wine-1.1.34 ] ~ [ wine-1.1.33 ] ~ [ wine-1.1.32 ] ~ [ wine-1.1.31 ] ~ [ wine-1.1.30 ] ~ [ wine-1.1.29 ] ~ [ wine-1.1.28 ] ~ [ wine-1.1.27 ] ~ [ wine-1.1.26 ] ~ [ wine-1.1.25 ] ~ [ wine-1.1.24 ] ~ [ wine-1.1.23 ] ~ [ wine-1.1.22 ] ~ [ wine-1.1.21 ] ~ [ wine-1.1.20 ] ~ [ wine-1.1.19 ] ~ [ wine-1.1.18 ] ~ [ wine-1.1.17 ] ~ [ wine-1.1.16 ] ~ [ wine-1.1.15 ] ~ [ wine-1.1.14 ] ~ [ wine-1.1.13 ] ~ [ wine-1.1.12 ] ~ [ wine-1.1.11 ] ~ [ wine-1.1.10 ] ~ [ wine-1.1.9 ] ~ [ wine-1.1.8 ] ~ [ wine-1.1.7 ] ~ [ wine-1.0.1 ] ~ [ wine-1.1.6 ] ~ [ wine-1.1.5 ] ~ [ wine-1.1.4 ] ~ [ wine-1.1.3 ] ~ [ wine-1.1.2 ] ~ [ wine-1.1.1 ] ~ [ wine-1.1.0 ] ~ [ wine-1.0 ] ~

1 /* 2 * Copyright 1999, 2000 Juergen Schmied <juergen.schmied@debitel.net> 3 * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla) 4 * Copyright 2006 Robert Reif 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA 19 * 20 */ 21 22 #include <stdarg.h> 23 #include <string.h> 24 25 #include "ntstatus.h" 26 #define WIN32_NO_STATUS 27 #include "windef.h" 28 #include "winbase.h" 29 #include "winerror.h" 30 #include "winreg.h" 31 #include "winsafer.h" 32 #include "winternl.h" 33 #include "winioctl.h" 34 #include "ntsecapi.h" 35 #include "accctrl.h" 36 #include "sddl.h" 37 #include "winsvc.h" 38 #include "aclapi.h" 39 #include "objbase.h" 40 #include "iads.h" 41 #include "advapi32_misc.h" 42 #include "lmcons.h" 43 44 #include "wine/debug.h" 45 #include "wine/unicode.h" 46 47 WINE_DEFAULT_DEBUG_CHANNEL(advapi); 48 49 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes); 50 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, 51 PACL pAcl, LPDWORD cBytes); 52 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl); 53 static BYTE ParseAceStringType(LPCWSTR* StringAcl); 54 static DWORD ParseAceStringRights(LPCWSTR* StringAcl); 55 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor( 56 LPCWSTR StringSecurityDescriptor, 57 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor, 58 LPDWORD cBytes); 59 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl); 60 61 typedef struct _ACEFLAG 62 { 63 LPCWSTR wstr; 64 DWORD value; 65 } ACEFLAG, *LPACEFLAG; 66 67 typedef struct _MAX_SID 68 { 69 /* same fields as struct _SID */ 70 BYTE Revision; 71 BYTE SubAuthorityCount; 72 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 73 DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES]; 74 } MAX_SID; 75 76 typedef struct WELLKNOWNSID 77 { 78 WCHAR wstr[2]; 79 WELL_KNOWN_SID_TYPE Type; 80 MAX_SID Sid; 81 } WELLKNOWNSID; 82 83 static const WELLKNOWNSID WellKnownSids[] = 84 { 85 { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } }, 86 { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } }, 87 { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } }, 88 { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } }, 89 { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } }, 90 { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } }, 91 { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } }, 92 { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { SECURITY_NULL_RID } } }, 93 { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } }, 94 { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } }, 95 { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } }, 96 { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } }, 97 { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } }, 98 { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } }, 99 { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } }, 100 { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } }, 101 { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } }, 102 { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } }, 103 { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } }, 104 { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } }, 105 { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } }, 106 { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } }, 107 { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } }, 108 { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } }, 109 { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } }, 110 { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } }, 111 { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } }, 112 { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } }, 113 { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } }, 114 { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } }, 115 { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } }, 116 { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } }, 117 { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } }, 118 { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } }, 119 { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } }, 120 { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } }, 121 { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } }, 122 { {0,0}, WinNTLMAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_NTLM_RID } } }, 123 { {0,0}, WinDigestAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_DIGEST_RID } } }, 124 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } }, 125 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } }, 126 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } }, 127 { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } }, 128 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } }, 129 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } }, 130 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } }, 131 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } }, 132 { {0,0}, WinBuiltinDCOMUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_DCOM_USERS } } }, 133 { {'L','W'}, WinLowLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_LOW_RID} } }, 134 { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } }, 135 { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } }, 136 { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } }, 137 }; 138 139 /* these SIDs must be constructed as relative to some domain - only the RID is well-known */ 140 typedef struct WELLKNOWNRID 141 { 142 WELL_KNOWN_SID_TYPE Type; 143 DWORD Rid; 144 } WELLKNOWNRID; 145 146 static const WELLKNOWNRID WellKnownRids[] = { 147 { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN }, 148 { WinAccountGuestSid, DOMAIN_USER_RID_GUEST }, 149 { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT }, 150 { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS }, 151 { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS }, 152 { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS }, 153 { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS }, 154 { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS }, 155 { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS }, 156 { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS }, 157 { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS }, 158 { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS }, 159 { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS }, 160 }; 161 162 163 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } }; 164 165 typedef struct _AccountSid { 166 WELL_KNOWN_SID_TYPE type; 167 LPCWSTR account; 168 LPCWSTR domain; 169 SID_NAME_USE name_use; 170 LPCWSTR alias; 171 } AccountSid; 172 173 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 }; 174 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 }; 175 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 }; 176 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 }; 177 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 }; 178 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 }; 179 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 }; 180 static const WCHAR Blank[] = { 0 }; 181 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 }; 182 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 }; 183 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 }; 184 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 }; 185 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 }; 186 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 }; 187 static const WCHAR CURRENT_USER[] = { 'C','U','R','R','E','N','T','_','U','S','E','R',0 }; 188 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 }; 189 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 }; 190 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0}; 191 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 }; 192 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 }; 193 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 }; 194 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 }; 195 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 }; 196 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 }; 197 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 }; 198 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 }; 199 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 }; 200 static const WCHAR Guest[] = { 'G','u','e','s','t',0 }; 201 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 }; 202 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 }; 203 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 }; 204 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 }; 205 static const WCHAR LOCAL_SERVICE2[] = { 'L','O','C','A','L','S','E','R','V','I','C','E',0 }; 206 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 }; 207 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 }; 208 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 }; 209 static const WCHAR NETWORK_SERVICE2[] = { 'N','E','T','W','O','R','K','S','E','R','V','I','C','E',0 }; 210 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 }; 211 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 }; 212 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 }; 213 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 }; 214 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 }; 215 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 }; 216 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 }; 217 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 }; 218 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','','','',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 }; 219 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 }; 220 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 }; 221 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 }; 222 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 }; 223 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 }; 224 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 }; 225 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 }; 226 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 }; 227 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 }; 228 static const WCHAR SELF[] = { 'S','E','L','F',0 }; 229 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 }; 230 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 }; 231 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 }; 232 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 }; 233 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 }; 234 static const WCHAR Users[] = { 'U','s','e','r','s',0 }; 235 236 static const AccountSid ACCOUNT_SIDS[] = { 237 { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup }, 238 { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup }, 239 { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup }, 240 { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup }, 241 { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup }, 242 { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup }, 243 { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup }, 244 { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain }, 245 { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup }, 246 { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup }, 247 { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup }, 248 { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup }, 249 { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup }, 250 { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup }, 251 { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup }, 252 { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup }, 253 { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup }, 254 { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup }, 255 { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup }, 256 { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup }, 257 { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup }, 258 { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup }, 259 { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup, LOCAL_SERVICE2 }, 260 { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup , NETWORK_SERVICE2}, 261 { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain }, 262 { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias }, 263 { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias }, 264 { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias }, 265 { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias }, 266 { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias }, 267 { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias }, 268 { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias }, 269 { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias }, 270 { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias }, 271 { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias }, 272 { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias }, 273 { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias }, 274 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup }, 275 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup }, 276 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup }, 277 { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup }, 278 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup }, 279 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias }, 280 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias }, 281 }; 282 /* 283 * ACE access rights 284 */ 285 static const WCHAR SDDL_READ_CONTROL[] = {'R','C',0}; 286 static const WCHAR SDDL_WRITE_DAC[] = {'W','D',0}; 287 static const WCHAR SDDL_WRITE_OWNER[] = {'W','O',0}; 288 static const WCHAR SDDL_STANDARD_DELETE[] = {'S','D',0}; 289 290 static const WCHAR SDDL_READ_PROPERTY[] = {'R','P',0}; 291 static const WCHAR SDDL_WRITE_PROPERTY[] = {'W','P',0}; 292 static const WCHAR SDDL_CREATE_CHILD[] = {'C','C',0}; 293 static const WCHAR SDDL_DELETE_CHILD[] = {'D','C',0}; 294 static const WCHAR SDDL_LIST_CHILDREN[] = {'L','C',0}; 295 static const WCHAR SDDL_SELF_WRITE[] = {'S','W',0}; 296 static const WCHAR SDDL_LIST_OBJECT[] = {'L','O',0}; 297 static const WCHAR SDDL_DELETE_TREE[] = {'D','T',0}; 298 static const WCHAR SDDL_CONTROL_ACCESS[] = {'C','R',0}; 299 300 static const WCHAR SDDL_FILE_ALL[] = {'F','A',0}; 301 static const WCHAR SDDL_FILE_READ[] = {'F','R',0}; 302 static const WCHAR SDDL_FILE_WRITE[] = {'F','W',0}; 303 static const WCHAR SDDL_FILE_EXECUTE[] = {'F','X',0}; 304 305 static const WCHAR SDDL_KEY_ALL[] = {'K','A',0}; 306 static const WCHAR SDDL_KEY_READ[] = {'K','R',0}; 307 static const WCHAR SDDL_KEY_WRITE[] = {'K','W',0}; 308 static const WCHAR SDDL_KEY_EXECUTE[] = {'K','X',0}; 309 310 static const WCHAR SDDL_GENERIC_ALL[] = {'G','A',0}; 311 static const WCHAR SDDL_GENERIC_READ[] = {'G','R',0}; 312 static const WCHAR SDDL_GENERIC_WRITE[] = {'G','W',0}; 313 static const WCHAR SDDL_GENERIC_EXECUTE[] = {'G','X',0}; 314 315 /* 316 * ACL flags 317 */ 318 static const WCHAR SDDL_PROTECTED[] = {'P',0}; 319 static const WCHAR SDDL_AUTO_INHERIT_REQ[] = {'A','R',0}; 320 static const WCHAR SDDL_AUTO_INHERITED[] = {'A','I',0}; 321 322 /* 323 * ACE types 324 */ 325 static const WCHAR SDDL_ACCESS_ALLOWED[] = {'A',0}; 326 static const WCHAR SDDL_ACCESS_DENIED[] = {'D',0}; 327 static const WCHAR SDDL_OBJECT_ACCESS_ALLOWED[] = {'O','A',0}; 328 static const WCHAR SDDL_OBJECT_ACCESS_DENIED[] = {'O','D',0}; 329 static const WCHAR SDDL_AUDIT[] = {'A','U',0}; 330 static const WCHAR SDDL_ALARM[] = {'A','L',0}; 331 static const WCHAR SDDL_OBJECT_AUDIT[] = {'O','U',0}; 332 static const WCHAR SDDL_OBJECT_ALARMp[] = {'O','L',0}; 333 334 /* 335 * ACE flags 336 */ 337 static const WCHAR SDDL_CONTAINER_INHERIT[] = {'C','I',0}; 338 static const WCHAR SDDL_OBJECT_INHERIT[] = {'O','I',0}; 339 static const WCHAR SDDL_NO_PROPAGATE[] = {'N','P',0}; 340 static const WCHAR SDDL_INHERIT_ONLY[] = {'I','O',0}; 341 static const WCHAR SDDL_INHERITED[] = {'I','D',0}; 342 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0}; 343 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0}; 344 345 const char * debugstr_sid(PSID sid) 346 { 347 int auth = 0; 348 SID * psid = sid; 349 350 if (psid == NULL) 351 return "(null)"; 352 353 auth = psid->IdentifierAuthority.Value[5] + 354 (psid->IdentifierAuthority.Value[4] << 8) + 355 (psid->IdentifierAuthority.Value[3] << 16) + 356 (psid->IdentifierAuthority.Value[2] << 24); 357 358 switch (psid->SubAuthorityCount) { 359 case 0: 360 return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth); 361 case 1: 362 return wine_dbg_sprintf("S-%d-%d-%u", psid->Revision, auth, 363 psid->SubAuthority[0]); 364 case 2: 365 return wine_dbg_sprintf("S-%d-%d-%u-%u", psid->Revision, auth, 366 psid->SubAuthority[0], psid->SubAuthority[1]); 367 case 3: 368 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u", psid->Revision, auth, 369 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]); 370 case 4: 371 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u", psid->Revision, auth, 372 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 373 psid->SubAuthority[3]); 374 case 5: 375 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u", psid->Revision, auth, 376 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 377 psid->SubAuthority[3], psid->SubAuthority[4]); 378 case 6: 379 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u", psid->Revision, auth, 380 psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2], 381 psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]); 382 case 7: 383 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth, 384 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 385 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5], 386 psid->SubAuthority[6]); 387 case 8: 388 return wine_dbg_sprintf("S-%d-%d-%u-%u-%u-%u-%u-%u-%u-%u", psid->Revision, auth, 389 psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2], 390 psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5], 391 psid->SubAuthority[6], psid->SubAuthority[7]); 392 } 393 return "(too-big)"; 394 } 395 396 /* set last error code from NT status and get the proper boolean return value */ 397 /* used for functions that are a simple wrapper around the corresponding ntdll API */ 398 static inline BOOL set_ntstatus( NTSTATUS status ) 399 { 400 if (status) SetLastError( RtlNtStatusToDosError( status )); 401 return !status; 402 } 403 404 #define WINE_SIZE_OF_WORLD_ACCESS_ACL (sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD)) 405 406 static void GetWorldAccessACL(PACL pACL) 407 { 408 PACCESS_ALLOWED_ACE pACE = (PACCESS_ALLOWED_ACE) (pACL + 1); 409 410 pACL->AclRevision = ACL_REVISION; 411 pACL->Sbz1 = 0; 412 pACL->AclSize = WINE_SIZE_OF_WORLD_ACCESS_ACL; 413 pACL->AceCount = 1; 414 pACL->Sbz2 = 0; 415 416 pACE->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; 417 pACE->Header.AceFlags = CONTAINER_INHERIT_ACE; 418 pACE->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) + sizeof(sidWorld) - sizeof(DWORD); 419 pACE->Mask = 0xf3ffffff; /* Everything except reserved bits */ 420 memcpy(&pACE->SidStart, &sidWorld, sizeof(sidWorld)); 421 } 422 423 /************************************************************ 424 * ADVAPI_IsLocalComputer 425 * 426 * Checks whether the server name indicates local machine. 427 */ 428 BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName) 429 { 430 DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1; 431 BOOL Result; 432 LPWSTR buf; 433 434 if (!ServerName || !ServerName[0]) 435 return TRUE; 436 437 buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR)); 438 Result = GetComputerNameW(buf, &dwSize); 439 if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\')) 440 ServerName += 2; 441 Result = Result && !lstrcmpW(ServerName, buf); 442 HeapFree(GetProcessHeap(), 0, buf); 443 444 return Result; 445 } 446 447 /************************************************************ 448 * ADVAPI_GetComputerSid 449 */ 450 BOOL ADVAPI_GetComputerSid(PSID sid) 451 { 452 static const struct /* same fields as struct SID */ 453 { 454 BYTE Revision; 455 BYTE SubAuthorityCount; 456 SID_IDENTIFIER_AUTHORITY IdentifierAuthority; 457 DWORD SubAuthority[4]; 458 } computer_sid = 459 { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } }; 460 461 memcpy( sid, &computer_sid, sizeof(computer_sid) ); 462 return TRUE; 463 } 464 465 /* ############################## 466 ###### TOKEN FUNCTIONS ###### 467 ############################## 468 */ 469 470 /****************************************************************************** 471 * OpenProcessToken [ADVAPI32.@] 472 * Opens the access token associated with a process handle. 473 * 474 * PARAMS 475 * ProcessHandle [I] Handle to process 476 * DesiredAccess [I] Desired access to process 477 * TokenHandle [O] Pointer to handle of open access token 478 * 479 * RETURNS 480 * Success: TRUE. TokenHandle contains the access token. 481 * Failure: FALSE. 482 * 483 * NOTES 484 * See NtOpenProcessToken. 485 */ 486 BOOL WINAPI 487 OpenProcessToken( HANDLE ProcessHandle, DWORD DesiredAccess, 488 HANDLE *TokenHandle ) 489 { 490 return set_ntstatus(NtOpenProcessToken( ProcessHandle, DesiredAccess, TokenHandle )); 491 } 492 493 /****************************************************************************** 494 * OpenThreadToken [ADVAPI32.@] 495 * 496 * Opens the access token associated with a thread handle. 497 * 498 * PARAMS 499 * ThreadHandle [I] Handle to process 500 * DesiredAccess [I] Desired access to the thread 501 * OpenAsSelf [I] ??? 502 * TokenHandle [O] Destination for the token handle 503 * 504 * RETURNS 505 * Success: TRUE. TokenHandle contains the access token. 506 * Failure: FALSE. 507 * 508 * NOTES 509 * See NtOpenThreadToken. 510 */ 511 BOOL WINAPI 512 OpenThreadToken( HANDLE ThreadHandle, DWORD DesiredAccess, 513 BOOL OpenAsSelf, HANDLE *TokenHandle) 514 { 515 return set_ntstatus( NtOpenThreadToken(ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle)); 516 } 517 518 BOOL WINAPI 519 AdjustTokenGroups( HANDLE TokenHandle, BOOL ResetToDefault, PTOKEN_GROUPS NewState, 520 DWORD BufferLength, PTOKEN_GROUPS PreviousState, PDWORD ReturnLength ) 521 { 522 return set_ntstatus( NtAdjustGroupsToken(TokenHandle, ResetToDefault, NewState, BufferLength, 523 PreviousState, ReturnLength)); 524 } 525 526 /****************************************************************************** 527 * AdjustTokenPrivileges [ADVAPI32.@] 528 * 529 * Adjust the privileges of an open token handle. 530 * 531 * PARAMS 532 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken() 533 * DisableAllPrivileges [I] TRUE=Remove all privileges, FALSE=Use NewState 534 * NewState [I] Desired new privileges of the token 535 * BufferLength [I] Length of NewState 536 * PreviousState [O] Destination for the previous state 537 * ReturnLength [I/O] Size of PreviousState 538 * 539 * 540 * RETURNS 541 * Success: TRUE. Privileges are set to NewState and PreviousState is updated. 542 * Failure: FALSE. 543 * 544 * NOTES 545 * See NtAdjustPrivilegesToken. 546 */ 547 BOOL WINAPI 548 AdjustTokenPrivileges( HANDLE TokenHandle, BOOL DisableAllPrivileges, 549 PTOKEN_PRIVILEGES NewState, DWORD BufferLength, 550 PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength ) 551 { 552 NTSTATUS status; 553 554 TRACE("\n"); 555 556 status = NtAdjustPrivilegesToken(TokenHandle, DisableAllPrivileges, 557 NewState, BufferLength, PreviousState, 558 ReturnLength); 559 SetLastError( RtlNtStatusToDosError( status )); 560 if ((status == STATUS_SUCCESS) || (status == STATUS_NOT_ALL_ASSIGNED)) 561 return TRUE; 562 else 563 return FALSE; 564 } 565 566 /****************************************************************************** 567 * CheckTokenMembership [ADVAPI32.@] 568 * 569 * Determine if an access token is a member of a SID. 570 * 571 * PARAMS 572 * TokenHandle [I] Handle from OpenProcessToken() or OpenThreadToken() 573 * SidToCheck [I] SID that possibly contains the token 574 * IsMember [O] Destination for result. 575 * 576 * RETURNS 577 * Success: TRUE. IsMember is TRUE if TokenHandle is a member, FALSE otherwise. 578 * Failure: FALSE. 579 */ 580 BOOL WINAPI 581 CheckTokenMembership( HANDLE token, PSID sid_to_check, 582 PBOOL is_member ) 583 { 584 PTOKEN_GROUPS token_groups = NULL; 585 HANDLE thread_token = NULL; 586 DWORD size, i; 587 BOOL ret; 588 589 TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member); 590 591 *is_member = FALSE; 592 593 if (!token) 594 { 595 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token)) 596 { 597 HANDLE process_token; 598 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token); 599 if (!ret) 600 goto exit; 601 ret = DuplicateTokenEx(process_token, TOKEN_QUERY, 602 NULL, SecurityImpersonation, TokenImpersonation, 603 &thread_token); 604 CloseHandle(process_token); 605 if (!ret) 606 goto exit; 607 } 608 token = thread_token; 609 } 610 else 611 { 612 TOKEN_TYPE type; 613 614 ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size); 615 if (!ret) goto exit; 616 617 if (type == TokenPrimary) 618 { 619 SetLastError(ERROR_NO_IMPERSONATION_TOKEN); 620 return FALSE; 621 } 622 } 623 624 ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size); 625 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER) 626 goto exit; 627 628 token_groups = HeapAlloc(GetProcessHeap(), 0, size); 629 if (!token_groups) 630 { 631 ret = FALSE; 632 goto exit; 633 } 634 635 ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size); 636 if (!ret) 637 goto exit; 638 639 for (i = 0; i < token_groups->GroupCount; i++) 640 { 641 TRACE("Groups[%d]: {0x%x, %s}\n", i, 642 token_groups->Groups[i].Attributes, 643 debugstr_sid(token_groups->Groups[i].Sid)); 644 if ((token_groups->Groups[i].Attributes & SE_GROUP_ENABLED) && 645 EqualSid(sid_to_check, token_groups->Groups[i].Sid)) 646 { 647 *is_member = TRUE; 648 TRACE("sid enabled and found in token\n"); 649 break; 650 } 651 } 652 653 exit: 654 HeapFree(GetProcessHeap(), 0, token_groups); 655 if (thread_token != NULL) CloseHandle(thread_token); 656 657 return ret; 658 } 659 660 /****************************************************************************** 661 * GetTokenInformation [ADVAPI32.@] 662 * 663 * Get a type of information about an access token. 664 * 665 * PARAMS 666 * token [I] Handle from OpenProcessToken() or OpenThreadToken() 667 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h" 668 * tokeninfo [O] Destination for token information 669 * tokeninfolength [I] Length of tokeninfo 670 * retlen [O] Destination for returned token information length 671 * 672 * RETURNS 673 * Success: TRUE. tokeninfo contains retlen bytes of token information 674 * Failure: FALSE. 675 * 676 * NOTES 677 * See NtQueryInformationToken. 678 */ 679 BOOL WINAPI 680 GetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass, 681 LPVOID tokeninfo, DWORD tokeninfolength, LPDWORD retlen ) 682 { 683 TRACE("(%p, %s, %p, %d, %p):\n", 684 token, 685 (tokeninfoclass == TokenUser) ? "TokenUser" : 686 (tokeninfoclass == TokenGroups) ? "TokenGroups" : 687 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" : 688 (tokeninfoclass == TokenOwner) ? "TokenOwner" : 689 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" : 690 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" : 691 (tokeninfoclass == TokenSource) ? "TokenSource" : 692 (tokeninfoclass == TokenType) ? "TokenType" : 693 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" : 694 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" : 695 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" : 696 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" : 697 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" : 698 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" : 699 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" : 700 "Unknown", 701 tokeninfo, tokeninfolength, retlen); 702 return set_ntstatus( NtQueryInformationToken( token, tokeninfoclass, tokeninfo, 703 tokeninfolength, retlen)); 704 } 705 706 /****************************************************************************** 707 * SetTokenInformation [ADVAPI32.@] 708 * 709 * Set information for an access token. 710 * 711 * PARAMS 712 * token [I] Handle from OpenProcessToken() or OpenThreadToken() 713 * tokeninfoclass [I] A TOKEN_INFORMATION_CLASS from "winnt.h" 714 * tokeninfo [I] Token information to set 715 * tokeninfolength [I] Length of tokeninfo 716 * 717 * RETURNS 718 * Success: TRUE. The information for the token is set to tokeninfo. 719 * Failure: FALSE. 720 */ 721 BOOL WINAPI 722 SetTokenInformation( HANDLE token, TOKEN_INFORMATION_CLASS tokeninfoclass, 723 LPVOID tokeninfo, DWORD tokeninfolength ) 724 { 725 TRACE("(%p, %s, %p, %d): stub\n", 726 token, 727 (tokeninfoclass == TokenUser) ? "TokenUser" : 728 (tokeninfoclass == TokenGroups) ? "TokenGroups" : 729 (tokeninfoclass == TokenPrivileges) ? "TokenPrivileges" : 730 (tokeninfoclass == TokenOwner) ? "TokenOwner" : 731 (tokeninfoclass == TokenPrimaryGroup) ? "TokenPrimaryGroup" : 732 (tokeninfoclass == TokenDefaultDacl) ? "TokenDefaultDacl" : 733 (tokeninfoclass == TokenSource) ? "TokenSource" : 734 (tokeninfoclass == TokenType) ? "TokenType" : 735 (tokeninfoclass == TokenImpersonationLevel) ? "TokenImpersonationLevel" : 736 (tokeninfoclass == TokenStatistics) ? "TokenStatistics" : 737 (tokeninfoclass == TokenRestrictedSids) ? "TokenRestrictedSids" : 738 (tokeninfoclass == TokenSessionId) ? "TokenSessionId" : 739 (tokeninfoclass == TokenGroupsAndPrivileges) ? "TokenGroupsAndPrivileges" : 740 (tokeninfoclass == TokenSessionReference) ? "TokenSessionReference" : 741 (tokeninfoclass == TokenSandBoxInert) ? "TokenSandBoxInert" : 742 "Unknown", 743 tokeninfo, tokeninfolength); 744 745 return set_ntstatus( NtSetInformationToken( token, tokeninfoclass, tokeninfo, tokeninfolength )); 746 } 747 748 /************************************************************************* 749 * SetThreadToken [ADVAPI32.@] 750 * 751 * Assigns an 'impersonation token' to a thread so it can assume the 752 * security privileges of another thread or process. Can also remove 753 * a previously assigned token. 754 * 755 * PARAMS 756 * thread [O] Handle to thread to set the token for 757 * token [I] Token to set 758 * 759 * RETURNS 760 * Success: TRUE. The threads access token is set to token 761 * Failure: FALSE. 762 * 763 * NOTES 764 * Only supported on NT or higher. On Win9X this function does nothing. 765 * See SetTokenInformation. 766 */ 767 BOOL WINAPI SetThreadToken(PHANDLE thread, HANDLE token) 768 { 769 return set_ntstatus( NtSetInformationThread( thread ? *thread : GetCurrentThread(), 770 ThreadImpersonationToken, &token, sizeof token )); 771 } 772 773 /************************************************************************* 774 * CreateRestrictedToken [ADVAPI32.@] 775 * 776 * Create a new more restricted token from an existing token. 777 * 778 * PARAMS 779 * baseToken [I] Token to base the new restricted token on 780 * flags [I] Options 781 * nDisableSids [I] Length of disableSids array 782 * disableSids [I] Array of SIDs to disable in the new token 783 * nDeletePrivs [I] Length of deletePrivs array 784 * deletePrivs [I] Array of privileges to delete in the new token 785 * nRestrictSids [I] Length of restrictSids array 786 * restrictSids [I] Array of SIDs to restrict in the new token 787 * newToken [O] Address where the new token is stored 788 * 789 * RETURNS 790 * Success: TRUE 791 * Failure: FALSE 792 */ 793 BOOL WINAPI CreateRestrictedToken( 794 HANDLE baseToken, 795 DWORD flags, 796 DWORD nDisableSids, 797 PSID_AND_ATTRIBUTES disableSids, 798 DWORD nDeletePrivs, 799 PLUID_AND_ATTRIBUTES deletePrivs, 800 DWORD nRestrictSids, 801 PSID_AND_ATTRIBUTES restrictSids, 802 PHANDLE newToken) 803 { 804 FIXME("(%p, 0x%x, %u, %p, %u, %p, %u, %p, %p): stub\n", 805 baseToken, flags, nDisableSids, disableSids, 806 nDeletePrivs, deletePrivs, 807 nRestrictSids, restrictSids, 808 newToken); 809 SetLastError(ERROR_CALL_NOT_IMPLEMENTED); 810 return FALSE; 811 } 812 813 /* ############################## 814 ###### SID FUNCTIONS ###### 815 ############################## 816 */ 817 818 /****************************************************************************** 819 * AllocateAndInitializeSid [ADVAPI32.@] 820 * 821 * PARAMS 822 * pIdentifierAuthority [] 823 * nSubAuthorityCount [] 824 * nSubAuthority0 [] 825 * nSubAuthority1 [] 826 * nSubAuthority2 [] 827 * nSubAuthority3 [] 828 * nSubAuthority4 [] 829 * nSubAuthority5 [] 830 * nSubAuthority6 [] 831 * nSubAuthority7 [] 832 * pSid [] 833 */ 834 BOOL WINAPI 835 AllocateAndInitializeSid( PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, 836 BYTE nSubAuthorityCount, 837 DWORD nSubAuthority0, DWORD nSubAuthority1, 838 DWORD nSubAuthority2, DWORD nSubAuthority3, 839 DWORD nSubAuthority4, DWORD nSubAuthority5, 840 DWORD nSubAuthority6, DWORD nSubAuthority7, 841 PSID *pSid ) 842 { 843 return set_ntstatus( RtlAllocateAndInitializeSid( 844 pIdentifierAuthority, nSubAuthorityCount, 845 nSubAuthority0, nSubAuthority1, nSubAuthority2, nSubAuthority3, 846 nSubAuthority4, nSubAuthority5, nSubAuthority6, nSubAuthority7, 847 pSid )); 848 } 849 850 /****************************************************************************** 851 * FreeSid [ADVAPI32.@] 852 * 853 * PARAMS 854 * pSid [] 855 */ 856 PVOID WINAPI 857 FreeSid( PSID pSid ) 858 { 859 RtlFreeSid(pSid); 860 return NULL; /* is documented like this */ 861 } 862 863 /****************************************************************************** 864 * CopySid [ADVAPI32.@] 865 * 866 * PARAMS 867 * nDestinationSidLength [] 868 * pDestinationSid [] 869 * pSourceSid [] 870 */ 871 BOOL WINAPI 872 CopySid( DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid ) 873 { 874 return RtlCopySid(nDestinationSidLength, pDestinationSid, pSourceSid); 875 } 876 877 /****************************************************************************** 878 * CreateWellKnownSid [ADVAPI32.@] 879 */ 880 BOOL WINAPI 881 CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType, 882 PSID DomainSid, 883 PSID pSid, 884 DWORD* cbSid) 885 { 886 unsigned int i; 887 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid); 888 889 if (cbSid == NULL || (DomainSid && !IsValidSid(DomainSid))) 890 { 891 SetLastError(ERROR_INVALID_PARAMETER); 892 return FALSE; 893 } 894 895 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) { 896 if (WellKnownSids[i].Type == WellKnownSidType) { 897 DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount); 898 899 if (*cbSid < length) 900 { 901 *cbSid = length; 902 SetLastError(ERROR_INSUFFICIENT_BUFFER); 903 return FALSE; 904 } 905 if (!pSid) 906 { 907 SetLastError(ERROR_INVALID_PARAMETER); 908 return FALSE; 909 } 910 CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length); 911 *cbSid = length; 912 return TRUE; 913 } 914 } 915 916 if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES) 917 { 918 SetLastError(ERROR_INVALID_PARAMETER); 919 return FALSE; 920 } 921 922 for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++) 923 if (WellKnownRids[i].Type == WellKnownSidType) { 924 UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid); 925 DWORD domain_sid_length = GetSidLengthRequired(domain_subauth); 926 DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1); 927 928 if (*cbSid < output_sid_length) 929 { 930 *cbSid = output_sid_length; 931 SetLastError(ERROR_INSUFFICIENT_BUFFER); 932 return FALSE; 933 } 934 if (!pSid) 935 { 936 SetLastError(ERROR_INVALID_PARAMETER); 937 return FALSE; 938 } 939 CopyMemory(pSid, DomainSid, domain_sid_length); 940 (*GetSidSubAuthorityCount(pSid))++; 941 (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid; 942 *cbSid = output_sid_length; 943 return TRUE; 944 } 945 946 SetLastError(ERROR_INVALID_PARAMETER); 947 return FALSE; 948 } 949 950 /****************************************************************************** 951 * IsWellKnownSid [ADVAPI32.@] 952 */ 953 BOOL WINAPI 954 IsWellKnownSid( PSID pSid, WELL_KNOWN_SID_TYPE WellKnownSidType ) 955 { 956 unsigned int i; 957 TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType); 958 959 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) 960 if (WellKnownSids[i].Type == WellKnownSidType) 961 if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision))) 962 return TRUE; 963 964 return FALSE; 965 } 966 967 BOOL WINAPI 968 IsTokenRestricted( HANDLE TokenHandle ) 969 { 970 TOKEN_GROUPS *groups; 971 DWORD size; 972 NTSTATUS status; 973 BOOL restricted; 974 975 TRACE("(%p)\n", TokenHandle); 976 977 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, NULL, 0, &size); 978 if (status != STATUS_BUFFER_TOO_SMALL) 979 return FALSE; 980 981 groups = HeapAlloc(GetProcessHeap(), 0, size); 982 if (!groups) 983 { 984 SetLastError(ERROR_OUTOFMEMORY); 985 return FALSE; 986 } 987 988 status = NtQueryInformationToken(TokenHandle, TokenRestrictedSids, groups, size, &size); 989 if (status != STATUS_SUCCESS) 990 { 991 HeapFree(GetProcessHeap(), 0, groups); 992 return set_ntstatus(status); 993 } 994 995 if (groups->GroupCount) 996 restricted = TRUE; 997 else 998 restricted = FALSE; 999 1000 HeapFree(GetProcessHeap(), 0, groups); 1001 1002 return restricted; 1003 } 1004 1005 /****************************************************************************** 1006 * IsValidSid [ADVAPI32.@] 1007 * 1008 * PARAMS 1009 * pSid [] 1010 */ 1011 BOOL WINAPI 1012 IsValidSid( PSID pSid ) 1013 { 1014 return RtlValidSid( pSid ); 1015 } 1016 1017 /****************************************************************************** 1018 * EqualSid [ADVAPI32.@] 1019 * 1020 * PARAMS 1021 * pSid1 [] 1022 * pSid2 [] 1023 */ 1024 BOOL WINAPI 1025 EqualSid( PSID pSid1, PSID pSid2 ) 1026 { 1027 BOOL ret = RtlEqualSid( pSid1, pSid2 ); 1028 SetLastError(ERROR_SUCCESS); 1029 return ret; 1030 } 1031 1032 /****************************************************************************** 1033 * EqualPrefixSid [ADVAPI32.@] 1034 */ 1035 BOOL WINAPI EqualPrefixSid (PSID pSid1, PSID pSid2) 1036 { 1037 return RtlEqualPrefixSid(pSid1, pSid2); 1038 } 1039 1040 /****************************************************************************** 1041 * GetSidLengthRequired [ADVAPI32.@] 1042 * 1043 * PARAMS 1044 * nSubAuthorityCount [] 1045 */ 1046 DWORD WINAPI 1047 GetSidLengthRequired( BYTE nSubAuthorityCount ) 1048 { 1049 return RtlLengthRequiredSid(nSubAuthorityCount); 1050 } 1051 1052 /****************************************************************************** 1053 * InitializeSid [ADVAPI32.@] 1054 * 1055 * PARAMS 1056 * pIdentifierAuthority [] 1057 */ 1058 BOOL WINAPI 1059 InitializeSid ( 1060 PSID pSid, 1061 PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, 1062 BYTE nSubAuthorityCount) 1063 { 1064 return RtlInitializeSid(pSid, pIdentifierAuthority, nSubAuthorityCount); 1065 } 1066 1067 DWORD WINAPI 1068 GetEffectiveRightsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pAccessRights ) 1069 { 1070 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights); 1071 1072 *pAccessRights = STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL; 1073 return 0; 1074 } 1075 1076 DWORD WINAPI 1077 GetEffectiveRightsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pAccessRights ) 1078 { 1079 FIXME("%p %p %p - stub\n", pacl, pTrustee, pAccessRights); 1080 1081 return 1; 1082 } 1083 1084 /****************************************************************************** 1085 * GetSidIdentifierAuthority [ADVAPI32.@] 1086 * 1087 * PARAMS 1088 * pSid [] 1089 */ 1090 PSID_IDENTIFIER_AUTHORITY WINAPI 1091 GetSidIdentifierAuthority( PSID pSid ) 1092 { 1093 return RtlIdentifierAuthoritySid(pSid); 1094 } 1095 1096 /****************************************************************************** 1097 * GetSidSubAuthority [ADVAPI32.@] 1098 * 1099 * PARAMS 1100 * pSid [] 1101 * nSubAuthority [] 1102 */ 1103 PDWORD WINAPI 1104 GetSidSubAuthority( PSID pSid, DWORD nSubAuthority ) 1105 { 1106 SetLastError(ERROR_SUCCESS); 1107 return RtlSubAuthoritySid(pSid, nSubAuthority); 1108 } 1109 1110 /****************************************************************************** 1111 * GetSidSubAuthorityCount [ADVAPI32.@] 1112 * 1113 * PARAMS 1114 * pSid [] 1115 */ 1116 PUCHAR WINAPI 1117 GetSidSubAuthorityCount (PSID pSid) 1118 { 1119 SetLastError(ERROR_SUCCESS); 1120 return RtlSubAuthorityCountSid(pSid); 1121 } 1122 1123 /****************************************************************************** 1124 * GetLengthSid [ADVAPI32.@] 1125 * 1126 * PARAMS 1127 * pSid [] 1128 */ 1129 DWORD WINAPI 1130 GetLengthSid (PSID pSid) 1131 { 1132 return RtlLengthSid(pSid); 1133 } 1134 1135 /* ############################################## 1136 ###### SECURITY DESCRIPTOR FUNCTIONS ###### 1137 ############################################## 1138 */ 1139 1140 /****************************************************************************** 1141 * BuildSecurityDescriptorA [ADVAPI32.@] 1142 * 1143 * Builds a SD from 1144 * 1145 * PARAMS 1146 * pOwner [I] 1147 * pGroup [I] 1148 * cCountOfAccessEntries [I] 1149 * pListOfAccessEntries [I] 1150 * cCountOfAuditEntries [I] 1151 * pListofAuditEntries [I] 1152 * pOldSD [I] 1153 * lpdwBufferLength [I/O] 1154 * pNewSD [O] 1155 * 1156 * RETURNS 1157 * Success: ERROR_SUCCESS 1158 * Failure: nonzero error code from Winerror.h 1159 */ 1160 DWORD WINAPI BuildSecurityDescriptorA( 1161 IN PTRUSTEEA pOwner, 1162 IN PTRUSTEEA pGroup, 1163 IN ULONG cCountOfAccessEntries, 1164 IN PEXPLICIT_ACCESSA pListOfAccessEntries, 1165 IN ULONG cCountOfAuditEntries, 1166 IN PEXPLICIT_ACCESSA pListofAuditEntries, 1167 IN PSECURITY_DESCRIPTOR pOldSD, 1168 IN OUT PULONG lpdwBufferLength, 1169 OUT PSECURITY_DESCRIPTOR* pNewSD) 1170 { 1171 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup, 1172 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries, 1173 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD); 1174 1175 return ERROR_CALL_NOT_IMPLEMENTED; 1176 } 1177 1178 /****************************************************************************** 1179 * BuildSecurityDescriptorW [ADVAPI32.@] 1180 * 1181 * See BuildSecurityDescriptorA. 1182 */ 1183 DWORD WINAPI BuildSecurityDescriptorW( 1184 IN PTRUSTEEW pOwner, 1185 IN PTRUSTEEW pGroup, 1186 IN ULONG cCountOfAccessEntries, 1187 IN PEXPLICIT_ACCESSW pListOfAccessEntries, 1188 IN ULONG cCountOfAuditEntries, 1189 IN PEXPLICIT_ACCESSW pListofAuditEntries, 1190 IN PSECURITY_DESCRIPTOR pOldSD, 1191 IN OUT PULONG lpdwBufferLength, 1192 OUT PSECURITY_DESCRIPTOR* pNewSD) 1193 { 1194 FIXME("(%p,%p,%d,%p,%d,%p,%p,%p,%p) stub!\n",pOwner,pGroup, 1195 cCountOfAccessEntries,pListOfAccessEntries,cCountOfAuditEntries, 1196 pListofAuditEntries,pOldSD,lpdwBufferLength,pNewSD); 1197 1198 return ERROR_CALL_NOT_IMPLEMENTED; 1199 } 1200 1201 /****************************************************************************** 1202 * InitializeSecurityDescriptor [ADVAPI32.@] 1203 * 1204 * PARAMS 1205 * pDescr [] 1206 * revision [] 1207 */ 1208 BOOL WINAPI 1209 InitializeSecurityDescriptor( PSECURITY_DESCRIPTOR pDescr, DWORD revision ) 1210 { 1211 return set_ntstatus( RtlCreateSecurityDescriptor(pDescr, revision )); 1212 } 1213 1214 1215 /****************************************************************************** 1216 * MakeAbsoluteSD [ADVAPI32.@] 1217 */ 1218 BOOL WINAPI MakeAbsoluteSD ( 1219 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, 1220 OUT PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, 1221 OUT LPDWORD lpdwAbsoluteSecurityDescriptorSize, 1222 OUT PACL pDacl, 1223 OUT LPDWORD lpdwDaclSize, 1224 OUT PACL pSacl, 1225 OUT LPDWORD lpdwSaclSize, 1226 OUT PSID pOwner, 1227 OUT LPDWORD lpdwOwnerSize, 1228 OUT PSID pPrimaryGroup, 1229 OUT LPDWORD lpdwPrimaryGroupSize) 1230 { 1231 return set_ntstatus( RtlSelfRelativeToAbsoluteSD(pSelfRelativeSecurityDescriptor, 1232 pAbsoluteSecurityDescriptor, 1233 lpdwAbsoluteSecurityDescriptorSize, 1234 pDacl, lpdwDaclSize, pSacl, lpdwSaclSize, 1235 pOwner, lpdwOwnerSize, 1236 pPrimaryGroup, lpdwPrimaryGroupSize)); 1237 } 1238 1239 /****************************************************************************** 1240 * GetKernelObjectSecurity [ADVAPI32.@] 1241 */ 1242 BOOL WINAPI GetKernelObjectSecurity( 1243 HANDLE Handle, 1244 SECURITY_INFORMATION RequestedInformation, 1245 PSECURITY_DESCRIPTOR pSecurityDescriptor, 1246 DWORD nLength, 1247 LPDWORD lpnLengthNeeded ) 1248 { 1249 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", Handle, RequestedInformation, 1250 pSecurityDescriptor, nLength, lpnLengthNeeded); 1251 1252 return set_ntstatus( NtQuerySecurityObject(Handle, RequestedInformation, pSecurityDescriptor, 1253 nLength, lpnLengthNeeded )); 1254 } 1255 1256 /****************************************************************************** 1257 * GetPrivateObjectSecurity [ADVAPI32.@] 1258 */ 1259 BOOL WINAPI GetPrivateObjectSecurity( 1260 PSECURITY_DESCRIPTOR ObjectDescriptor, 1261 SECURITY_INFORMATION SecurityInformation, 1262 PSECURITY_DESCRIPTOR ResultantDescriptor, 1263 DWORD DescriptorLength, 1264 PDWORD ReturnLength ) 1265 { 1266 SECURITY_DESCRIPTOR desc; 1267 BOOL defaulted, present; 1268 PACL pacl; 1269 PSID psid; 1270 1271 TRACE("(%p,0x%08x,%p,0x%08x,%p)\n", ObjectDescriptor, SecurityInformation, 1272 ResultantDescriptor, DescriptorLength, ReturnLength); 1273 1274 if (!InitializeSecurityDescriptor(&desc, SECURITY_DESCRIPTOR_REVISION)) 1275 return FALSE; 1276 1277 if (SecurityInformation & OWNER_SECURITY_INFORMATION) 1278 { 1279 if (!GetSecurityDescriptorOwner(ObjectDescriptor, &psid, &defaulted)) 1280 return FALSE; 1281 SetSecurityDescriptorOwner(&desc, psid, defaulted); 1282 } 1283 1284 if (SecurityInformation & GROUP_SECURITY_INFORMATION) 1285 { 1286 if (!GetSecurityDescriptorGroup(ObjectDescriptor, &psid, &defaulted)) 1287 return FALSE; 1288 SetSecurityDescriptorGroup(&desc, psid, defaulted); 1289 } 1290 1291 if (SecurityInformation & DACL_SECURITY_INFORMATION) 1292 { 1293 if (!GetSecurityDescriptorDacl(ObjectDescriptor, &present, &pacl, &defaulted)) 1294 return FALSE; 1295 SetSecurityDescriptorDacl(&desc, present, pacl, defaulted); 1296 } 1297 1298 if (SecurityInformation & SACL_SECURITY_INFORMATION) 1299 { 1300 if (!GetSecurityDescriptorSacl(ObjectDescriptor, &present, &pacl, &defaulted)) 1301 return FALSE; 1302 SetSecurityDescriptorSacl(&desc, present, pacl, defaulted); 1303 } 1304 1305 *ReturnLength = DescriptorLength; 1306 return MakeSelfRelativeSD(&desc, ResultantDescriptor, ReturnLength); 1307 } 1308 1309 /****************************************************************************** 1310 * GetSecurityDescriptorLength [ADVAPI32.@] 1311 */ 1312 DWORD WINAPI GetSecurityDescriptorLength( PSECURITY_DESCRIPTOR pDescr) 1313 { 1314 return RtlLengthSecurityDescriptor(pDescr); 1315 } 1316 1317 /****************************************************************************** 1318 * GetSecurityDescriptorOwner [ADVAPI32.@] 1319 * 1320 * PARAMS 1321 * pOwner [] 1322 * lpbOwnerDefaulted [] 1323 */ 1324 BOOL WINAPI 1325 GetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pDescr, PSID *pOwner, 1326 LPBOOL lpbOwnerDefaulted ) 1327 { 1328 BOOLEAN defaulted; 1329 BOOL ret = set_ntstatus( RtlGetOwnerSecurityDescriptor( pDescr, pOwner, &defaulted )); 1330 *lpbOwnerDefaulted = defaulted; 1331 return ret; 1332 } 1333 1334 /****************************************************************************** 1335 * SetSecurityDescriptorOwner [ADVAPI32.@] 1336 * 1337 * PARAMS 1338 */ 1339 BOOL WINAPI SetSecurityDescriptorOwner( PSECURITY_DESCRIPTOR pSecurityDescriptor, 1340 PSID pOwner, BOOL bOwnerDefaulted) 1341 { 1342 return set_ntstatus( RtlSetOwnerSecurityDescriptor(pSecurityDescriptor, pOwner, bOwnerDefaulted)); 1343 } 1344 /****************************************************************************** 1345 * GetSecurityDescriptorGroup [ADVAPI32.@] 1346 */ 1347 BOOL WINAPI GetSecurityDescriptorGroup( 1348 PSECURITY_DESCRIPTOR SecurityDescriptor, 1349 PSID *Group, 1350 LPBOOL GroupDefaulted) 1351 { 1352 BOOLEAN defaulted; 1353 BOOL ret = set_ntstatus( RtlGetGroupSecurityDescriptor(SecurityDescriptor, Group, &defaulted )); 1354 *GroupDefaulted = defaulted; 1355 return ret; 1356 } 1357 /****************************************************************************** 1358 * SetSecurityDescriptorGroup [ADVAPI32.@] 1359 */ 1360 BOOL WINAPI SetSecurityDescriptorGroup ( PSECURITY_DESCRIPTOR SecurityDescriptor, 1361 PSID Group, BOOL GroupDefaulted) 1362 { 1363 return set_ntstatus( RtlSetGroupSecurityDescriptor( SecurityDescriptor, Group, GroupDefaulted)); 1364 } 1365 1366 /****************************************************************************** 1367 * IsValidSecurityDescriptor [ADVAPI32.@] 1368 * 1369 * PARAMS 1370 * lpsecdesc [] 1371 */ 1372 BOOL WINAPI 1373 IsValidSecurityDescriptor( PSECURITY_DESCRIPTOR SecurityDescriptor ) 1374 { 1375 return set_ntstatus( RtlValidSecurityDescriptor(SecurityDescriptor)); 1376 } 1377 1378 /****************************************************************************** 1379 * GetSecurityDescriptorDacl [ADVAPI32.@] 1380 */ 1381 BOOL WINAPI GetSecurityDescriptorDacl( 1382 IN PSECURITY_DESCRIPTOR pSecurityDescriptor, 1383 OUT LPBOOL lpbDaclPresent, 1384 OUT PACL *pDacl, 1385 OUT LPBOOL lpbDaclDefaulted) 1386 { 1387 BOOLEAN present, defaulted; 1388 BOOL ret = set_ntstatus( RtlGetDaclSecurityDescriptor(pSecurityDescriptor, &present, pDacl, &defaulted)); 1389 *lpbDaclPresent = present; 1390 *lpbDaclDefaulted = defaulted; 1391 return ret; 1392 } 1393 1394 /****************************************************************************** 1395 * SetSecurityDescriptorDacl [ADVAPI32.@] 1396 */ 1397 BOOL WINAPI 1398 SetSecurityDescriptorDacl ( 1399 PSECURITY_DESCRIPTOR lpsd, 1400 BOOL daclpresent, 1401 PACL dacl, 1402 BOOL dacldefaulted ) 1403 { 1404 return set_ntstatus( RtlSetDaclSecurityDescriptor (lpsd, daclpresent, dacl, dacldefaulted ) ); 1405 } 1406 /****************************************************************************** 1407 * GetSecurityDescriptorSacl [ADVAPI32.@] 1408 */ 1409 BOOL WINAPI GetSecurityDescriptorSacl( 1410 IN PSECURITY_DESCRIPTOR lpsd, 1411 OUT LPBOOL lpbSaclPresent, 1412 OUT PACL *pSacl, 1413 OUT LPBOOL lpbSaclDefaulted) 1414 { 1415 BOOLEAN present, defaulted; 1416 BOOL ret = set_ntstatus( RtlGetSaclSecurityDescriptor(lpsd, &present, pSacl, &defaulted) ); 1417 *lpbSaclPresent = present; 1418 *lpbSaclDefaulted = defaulted; 1419 return ret; 1420 } 1421 1422 /************************************************************************** 1423 * SetSecurityDescriptorSacl [ADVAPI32.@] 1424 */ 1425 BOOL WINAPI SetSecurityDescriptorSacl ( 1426 PSECURITY_DESCRIPTOR lpsd, 1427 BOOL saclpresent, 1428 PACL lpsacl, 1429 BOOL sacldefaulted) 1430 { 1431 return set_ntstatus (RtlSetSaclSecurityDescriptor(lpsd, saclpresent, lpsacl, sacldefaulted)); 1432 } 1433 /****************************************************************************** 1434 * MakeSelfRelativeSD [ADVAPI32.@] 1435 * 1436 * PARAMS 1437 * lpabssecdesc [] 1438 * lpselfsecdesc [] 1439 * lpbuflen [] 1440 */ 1441 BOOL WINAPI 1442 MakeSelfRelativeSD( 1443 IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, 1444 IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, 1445 IN OUT LPDWORD lpdwBufferLength) 1446 { 1447 return set_ntstatus( RtlMakeSelfRelativeSD( pAbsoluteSecurityDescriptor, 1448 pSelfRelativeSecurityDescriptor, lpdwBufferLength)); 1449 } 1450 1451 /****************************************************************************** 1452 * GetSecurityDescriptorControl [ADVAPI32.@] 1453 */ 1454 1455 BOOL WINAPI GetSecurityDescriptorControl ( PSECURITY_DESCRIPTOR pSecurityDescriptor, 1456 PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision) 1457 { 1458 return set_ntstatus( RtlGetControlSecurityDescriptor(pSecurityDescriptor,pControl,lpdwRevision)); 1459 } 1460 1461 /****************************************************************************** 1462 * SetSecurityDescriptorControl [ADVAPI32.@] 1463 */ 1464 BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescriptor, 1465 SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, 1466 SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet ) 1467 { 1468 return set_ntstatus( RtlSetControlSecurityDescriptor( 1469 pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) ); 1470 } 1471 1472 /* ############################## 1473 ###### ACL FUNCTIONS ###### 1474 ############################## 1475 */ 1476 1477 /************************************************************************* 1478 * InitializeAcl [ADVAPI32.@] 1479 */ 1480 BOOL WINAPI InitializeAcl(PACL acl, DWORD size, DWORD rev) 1481 { 1482 return set_ntstatus( RtlCreateAcl(acl, size, rev)); 1483 } 1484 1485 BOOL WINAPI ImpersonateNamedPipeClient( HANDLE hNamedPipe ) 1486 { 1487 IO_STATUS_BLOCK io_block; 1488 1489 TRACE("(%p)\n", hNamedPipe); 1490 1491 return set_ntstatus( NtFsControlFile(hNamedPipe, NULL, NULL, NULL, 1492 &io_block, FSCTL_PIPE_IMPERSONATE, NULL, 0, NULL, 0) ); 1493 } 1494 1495 /****************************************************************************** 1496 * AddAccessAllowedAce [ADVAPI32.@] 1497 */ 1498 BOOL WINAPI AddAccessAllowedAce( 1499 IN OUT PACL pAcl, 1500 IN DWORD dwAceRevision, 1501 IN DWORD AccessMask, 1502 IN PSID pSid) 1503 { 1504 return set_ntstatus(RtlAddAccessAllowedAce(pAcl, dwAceRevision, AccessMask, pSid)); 1505 } 1506 1507 /****************************************************************************** 1508 * AddAccessAllowedAceEx [ADVAPI32.@] 1509 */ 1510 BOOL WINAPI AddAccessAllowedAceEx( 1511 IN OUT PACL pAcl, 1512 IN DWORD dwAceRevision, 1513 IN DWORD AceFlags, 1514 IN DWORD AccessMask, 1515 IN PSID pSid) 1516 { 1517 return set_ntstatus(RtlAddAccessAllowedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid)); 1518 } 1519 1520 /****************************************************************************** 1521 * AddAccessDeniedAce [ADVAPI32.@] 1522 */ 1523 BOOL WINAPI AddAccessDeniedAce( 1524 IN OUT PACL pAcl, 1525 IN DWORD dwAceRevision, 1526 IN DWORD AccessMask, 1527 IN PSID pSid) 1528 { 1529 return set_ntstatus(RtlAddAccessDeniedAce(pAcl, dwAceRevision, AccessMask, pSid)); 1530 } 1531 1532 /****************************************************************************** 1533 * AddAccessDeniedAceEx [ADVAPI32.@] 1534 */ 1535 BOOL WINAPI AddAccessDeniedAceEx( 1536 IN OUT PACL pAcl, 1537 IN DWORD dwAceRevision, 1538 IN DWORD AceFlags, 1539 IN DWORD AccessMask, 1540 IN PSID pSid) 1541 { 1542 return set_ntstatus(RtlAddAccessDeniedAceEx(pAcl, dwAceRevision, AceFlags, AccessMask, pSid)); 1543 } 1544 1545 /****************************************************************************** 1546 * AddAce [ADVAPI32.@] 1547 */ 1548 BOOL WINAPI AddAce( 1549 IN OUT PACL pAcl, 1550 IN DWORD dwAceRevision, 1551 IN DWORD dwStartingAceIndex, 1552 LPVOID pAceList, 1553 DWORD nAceListLength) 1554 { 1555 return set_ntstatus(RtlAddAce(pAcl, dwAceRevision, dwStartingAceIndex, pAceList, nAceListLength)); 1556 } 1557 1558 /****************************************************************************** 1559 * DeleteAce [ADVAPI32.@] 1560 */ 1561 BOOL WINAPI DeleteAce(PACL pAcl, DWORD dwAceIndex) 1562 { 1563 return set_ntstatus(RtlDeleteAce(pAcl, dwAceIndex)); 1564 } 1565 1566 /****************************************************************************** 1567 * FindFirstFreeAce [ADVAPI32.@] 1568 */ 1569 BOOL WINAPI FindFirstFreeAce(IN PACL pAcl, LPVOID * pAce) 1570 { 1571 return RtlFirstFreeAce(pAcl, (PACE_HEADER *)pAce); 1572 } 1573 1574 /****************************************************************************** 1575 * GetAce [ADVAPI32.@] 1576 */ 1577 BOOL WINAPI GetAce(PACL pAcl,DWORD dwAceIndex,LPVOID *pAce ) 1578 { 1579 return set_ntstatus(RtlGetAce(pAcl, dwAceIndex, pAce)); 1580 } 1581 1582 /****************************************************************************** 1583 * GetAclInformation [ADVAPI32.@] 1584 */ 1585 BOOL WINAPI GetAclInformation( 1586 PACL pAcl, 1587 LPVOID pAclInformation, 1588 DWORD nAclInformationLength, 1589 ACL_INFORMATION_CLASS dwAclInformationClass) 1590 { 1591 return set_ntstatus(RtlQueryInformationAcl(pAcl, pAclInformation, 1592 nAclInformationLength, dwAclInformationClass)); 1593 } 1594 1595 /****************************************************************************** 1596 * IsValidAcl [ADVAPI32.@] 1597 */ 1598 BOOL WINAPI IsValidAcl(IN PACL pAcl) 1599 { 1600 return RtlValidAcl(pAcl); 1601 } 1602 1603 /* ############################## 1604 ###### MISC FUNCTIONS ###### 1605 ############################## 1606 */ 1607 1608 /****************************************************************************** 1609 * AllocateLocallyUniqueId [ADVAPI32.@] 1610 * 1611 * PARAMS 1612 * lpLuid [] 1613 */ 1614 BOOL WINAPI AllocateLocallyUniqueId( PLUID lpLuid ) 1615 { 1616 return set_ntstatus(NtAllocateLocallyUniqueId(lpLuid)); 1617 } 1618 1619 static const WCHAR SE_CREATE_TOKEN_NAME_W[] = 1620 { 'S','e','C','r','e','a','t','e','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 }; 1621 static const WCHAR SE_ASSIGNPRIMARYTOKEN_NAME_W[] = 1622 { 'S','e','A','s','s','i','g','n','P','r','i','m','a','r','y','T','o','k','e','n','P','r','i','v','i','l','e','g','e',0 }; 1623 static const WCHAR SE_LOCK_MEMORY_NAME_W[] = 1624 { 'S','e','L','o','c','k','M','e','m','o','r','y','P','r','i','v','i','l','e','g','e',0 }; 1625 static const WCHAR SE_INCREASE_QUOTA_NAME_W[] = 1626 { 'S','e','I','n','c','r','e','a','s','e','Q','u','o','t','a','P','r','i','v','i','l','e','g','e',0 }; 1627 static const WCHAR SE_MACHINE_ACCOUNT_NAME_W[] = 1628 { 'S','e','M','a','c','h','i','n','e','A','c','c','o','u','n','t','P','r','i','v','i','l','e','g','e',0 }; 1629 static const WCHAR SE_TCB_NAME_W[] = 1630 { 'S','e','T','c','b','P','r','i','v','i','l','e','g','e',0 }; 1631 static const WCHAR SE_SECURITY_NAME_W[] = 1632 { 'S','e','S','e','c','u','r','i','t','y','P','r','i','v','i','l','e','g','e',0 }; 1633 static const WCHAR SE_TAKE_OWNERSHIP_NAME_W[] = 1634 { 'S','e','T','a','k','e','O','w','n','e','r','s','h','i','p','P','r','i','v','i','l','e','g','e',0 }; 1635 static const WCHAR SE_LOAD_DRIVER_NAME_W[] = 1636 { 'S','e','L','o','a','d','D','r','i','v','e','r','P','r','i','v','i','l','e','g','e',0 }; 1637 static const WCHAR SE_SYSTEM_PROFILE_NAME_W[] = 1638 { 'S','e','S','y','s','t','e','m','P','r','o','f','i','l','e','P','r','i','v','i','l','e','g','e',0 }; 1639 static const WCHAR SE_SYSTEMTIME_NAME_W[] = 1640 { 'S','e','S','y','s','t','e','m','t','i','m','e','P','r','i','v','i','l','e','g','e',0 }; 1641 static const WCHAR SE_PROF_SINGLE_PROCESS_NAME_W[] = 1642 { 'S','e','P','r','o','f','i','l','e','S','i','n','g','l','e','P','r','o','c','e','s','s','P','r','i','v','i','l','e','g','e',0 }; 1643 static const WCHAR SE_INC_BASE_PRIORITY_NAME_W[] = 1644 { 'S','e','I','n','c','r','e','a','s','e','B','a','s','e','P','r','i','o','r','i','t','y','P','r','i','v','i','l','e','g','e',0 }; 1645 static const WCHAR SE_CREATE_PAGEFILE_NAME_W[] = 1646 { 'S','e','C','r','e','a','t','e','P','a','g','e','f','i','l','e','P','r','i','v','i','l','e','g','e',0 }; 1647 static const WCHAR SE_CREATE_PERMANENT_NAME_W[] = 1648 { 'S','e','C','r','e','a','t','e','P','e','r','m','a','n','e','n','t','P','r','i','v','i','l','e','g','e',0 }; 1649 static const WCHAR SE_BACKUP_NAME_W[] = 1650 { 'S','e','B','a','c','k','u','p','P','r','i','v','i','l','e','g','e',0 }; 1651 static const WCHAR SE_RESTORE_NAME_W[] = 1652 { 'S','e','R','e','s','t','o','r','e','P','r','i','v','i','l','e','g','e',0 }; 1653 static const WCHAR SE_SHUTDOWN_NAME_W[] = 1654 { 'S','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 }; 1655 static const WCHAR SE_DEBUG_NAME_W[] = 1656 { 'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0 }; 1657 static const WCHAR SE_AUDIT_NAME_W[] = 1658 { 'S','e','A','u','d','i','t','P','r','i','v','i','l','e','g','e',0 }; 1659 static const WCHAR SE_SYSTEM_ENVIRONMENT_NAME_W[] = 1660 { 'S','e','S','y','s','t','e','m','E','n','v','i','r','o','n','m','e','n','t','P','r','i','v','i','l','e','g','e',0 }; 1661 static const WCHAR SE_CHANGE_NOTIFY_NAME_W[] = 1662 { 'S','e','C','h','a','n','g','e','N','o','t','i','f','y','P','r','i','v','i','l','e','g','e',0 }; 1663 static const WCHAR SE_REMOTE_SHUTDOWN_NAME_W[] = 1664 { 'S','e','R','e','m','o','t','e','S','h','u','t','d','o','w','n','P','r','i','v','i','l','e','g','e',0 }; 1665 static const WCHAR SE_UNDOCK_NAME_W[] = 1666 { 'S','e','U','n','d','o','c','k','P','r','i','v','i','l','e','g','e',0 }; 1667 static const WCHAR SE_SYNC_AGENT_NAME_W[] = 1668 { 'S','e','S','y','n','c','A','g','e','n','t','P','r','i','v','i','l','e','g','e',0 }; 1669 static const WCHAR SE_ENABLE_DELEGATION_NAME_W[] = 1670 { 'S','e','E','n','a','b','l','e','D','e','l','e','g','a','t','i','o','n','P','r','i','v','i','l','e','g','e',0 }; 1671 static const WCHAR SE_MANAGE_VOLUME_NAME_W[] = 1672 { 'S','e','M','a','n','a','g','e','V','o','l','u','m','e','P','r','i','v','i','l','e','g','e',0 }; 1673 static const WCHAR SE_IMPERSONATE_NAME_W[] = 1674 { 'S','e','I','m','p','e','r','s','o','n','a','t','e','P','r','i','v','i','l','e','g','e',0 }; 1675 static const WCHAR SE_CREATE_GLOBAL_NAME_W[] = 1676 { 'S','e','C','r','e','a','t','e','G','l','o','b','a','l','P','r','i','v','i','l','e','g','e',0 }; 1677 1678 static const WCHAR * const WellKnownPrivNames[SE_MAX_WELL_KNOWN_PRIVILEGE + 1] = 1679 { 1680 NULL, 1681 NULL, 1682 SE_CREATE_TOKEN_NAME_W, 1683 SE_ASSIGNPRIMARYTOKEN_NAME_W, 1684 SE_LOCK_MEMORY_NAME_W, 1685 SE_INCREASE_QUOTA_NAME_W, 1686 SE_MACHINE_ACCOUNT_NAME_W, 1687 SE_TCB_NAME_W, 1688 SE_SECURITY_NAME_W, 1689 SE_TAKE_OWNERSHIP_NAME_W, 1690 SE_LOAD_DRIVER_NAME_W, 1691 SE_SYSTEM_PROFILE_NAME_W, 1692 SE_SYSTEMTIME_NAME_W, 1693 SE_PROF_SINGLE_PROCESS_NAME_W, 1694 SE_INC_BASE_PRIORITY_NAME_W, 1695 SE_CREATE_PAGEFILE_NAME_W, 1696 SE_CREATE_PERMANENT_NAME_W, 1697 SE_BACKUP_NAME_W, 1698 SE_RESTORE_NAME_W, 1699 SE_SHUTDOWN_NAME_W, 1700 SE_DEBUG_NAME_W, 1701 SE_AUDIT_NAME_W, 1702 SE_SYSTEM_ENVIRONMENT_NAME_W, 1703 SE_CHANGE_NOTIFY_NAME_W, 1704 SE_REMOTE_SHUTDOWN_NAME_W, 1705 SE_UNDOCK_NAME_W, 1706 SE_SYNC_AGENT_NAME_W, 1707 SE_ENABLE_DELEGATION_NAME_W, 1708 SE_MANAGE_VOLUME_NAME_W, 1709 SE_IMPERSONATE_NAME_W, 1710 SE_CREATE_GLOBAL_NAME_W, 1711 }; 1712 1713 /****************************************************************************** 1714 * LookupPrivilegeValueW [ADVAPI32.@] 1715 * 1716 * See LookupPrivilegeValueA. 1717 */ 1718 BOOL WINAPI 1719 LookupPrivilegeValueW( LPCWSTR lpSystemName, LPCWSTR lpName, PLUID lpLuid ) 1720 { 1721 UINT i; 1722 1723 TRACE("%s,%s,%p\n",debugstr_w(lpSystemName), debugstr_w(lpName), lpLuid); 1724 1725 if (!ADVAPI_IsLocalComputer(lpSystemName)) 1726 { 1727 SetLastError(RPC_S_SERVER_UNAVAILABLE); 1728 return FALSE; 1729 } 1730 if (!lpName) 1731 { 1732 SetLastError(ERROR_NO_SUCH_PRIVILEGE); 1733 return FALSE; 1734 } 1735 for( i=SE_MIN_WELL_KNOWN_PRIVILEGE; i<=SE_MAX_WELL_KNOWN_PRIVILEGE; i++ ) 1736 { 1737 if( !WellKnownPrivNames[i] ) 1738 continue; 1739 if( strcmpiW( WellKnownPrivNames[i], lpName) ) 1740 continue; 1741 lpLuid->LowPart = i; 1742 lpLuid->HighPart = 0; 1743 TRACE( "%s -> %08x-%08x\n",debugstr_w( lpSystemName ), 1744 lpLuid->HighPart, lpLuid->LowPart ); 1745 return TRUE; 1746 } 1747 SetLastError(ERROR_NO_SUCH_PRIVILEGE); 1748 return FALSE; 1749 } 1750 1751 /****************************************************************************** 1752 * LookupPrivilegeValueA [ADVAPI32.@] 1753 * 1754 * Retrieves LUID used on a system to represent the privilege name. 1755 * 1756 * PARAMS 1757 * lpSystemName [I] Name of the system 1758 * lpName [I] Name of the privilege 1759 * lpLuid [O] Destination for the resulting LUID 1760 * 1761 * RETURNS 1762 * Success: TRUE. lpLuid contains the requested LUID. 1763 * Failure: FALSE. 1764 */ 1765 BOOL WINAPI 1766 LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid ) 1767 { 1768 UNICODE_STRING lpSystemNameW; 1769 UNICODE_STRING lpNameW; 1770 BOOL ret; 1771 1772 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName); 1773 RtlCreateUnicodeStringFromAsciiz(&lpNameW,lpName); 1774 ret = LookupPrivilegeValueW(lpSystemNameW.Buffer, lpNameW.Buffer, lpLuid); 1775 RtlFreeUnicodeString(&lpNameW); 1776 RtlFreeUnicodeString(&lpSystemNameW); 1777 return ret; 1778 } 1779 1780 BOOL WINAPI LookupPrivilegeDisplayNameA( LPCSTR lpSystemName, LPCSTR lpName, LPSTR lpDisplayName, 1781 LPDWORD cchDisplayName, LPDWORD lpLanguageId ) 1782 { 1783 FIXME("%s %s %s %p %p - stub\n", debugstr_a(lpSystemName), debugstr_a(lpName), 1784 debugstr_a(lpDisplayName), cchDisplayName, lpLanguageId); 1785 1786 return FALSE; 1787 } 1788 1789 BOOL WINAPI LookupPrivilegeDisplayNameW( LPCWSTR lpSystemName, LPCWSTR lpName, LPWSTR lpDisplayName, 1790 LPDWORD cchDisplayName, LPDWORD lpLanguageId ) 1791 { 1792 FIXME("%s %s %s %p %p - stub\n", debugstr_w(lpSystemName), debugstr_w(lpName), 1793 debugstr_w(lpDisplayName), cchDisplayName, lpLanguageId); 1794 1795 return FALSE; 1796 } 1797 1798 /****************************************************************************** 1799 * LookupPrivilegeNameA [ADVAPI32.@] 1800 * 1801 * See LookupPrivilegeNameW. 1802 */ 1803 BOOL WINAPI 1804 LookupPrivilegeNameA( LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, 1805 LPDWORD cchName) 1806 { 1807 UNICODE_STRING lpSystemNameW; 1808 BOOL ret; 1809 DWORD wLen = 0; 1810 1811 TRACE("%s %p %p %p\n", debugstr_a(lpSystemName), lpLuid, lpName, cchName); 1812 1813 RtlCreateUnicodeStringFromAsciiz(&lpSystemNameW, lpSystemName); 1814 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, NULL, &wLen); 1815 if (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER) 1816 { 1817 LPWSTR lpNameW = HeapAlloc(GetProcessHeap(), 0, wLen * sizeof(WCHAR)); 1818 1819 ret = LookupPrivilegeNameW(lpSystemNameW.Buffer, lpLuid, lpNameW, 1820 &wLen); 1821 if (ret) 1822 { 1823 /* Windows crashes if cchName is NULL, so will I */ 1824 unsigned int len = WideCharToMultiByte(CP_ACP, 0, lpNameW, -1, lpName, 1825 *cchName, NULL, NULL); 1826 1827 if (len == 0) 1828 { 1829 /* WideCharToMultiByte failed */ 1830 ret = FALSE; 1831 } 1832 else if (len > *cchName) 1833 { 1834 *cchName = len; 1835 SetLastError(ERROR_INSUFFICIENT_BUFFER); 1836 ret = FALSE; 1837 } 1838 else 1839 { 1840 /* WideCharToMultiByte succeeded, output length needs to be 1841 * length not including NULL terminator 1842 */ 1843 *cchName = len - 1; 1844 } 1845 } 1846 HeapFree(GetProcessHeap(), 0, lpNameW); 1847 } 1848 RtlFreeUnicodeString(&lpSystemNameW); 1849 return ret; 1850 } 1851 1852 /****************************************************************************** 1853 * LookupPrivilegeNameW [ADVAPI32.@] 1854 * 1855 * Retrieves the privilege name referred to by the LUID lpLuid. 1856 * 1857 * PARAMS 1858 * lpSystemName [I] Name of the system 1859 * lpLuid [I] Privilege value 1860 * lpName [O] Name of the privilege 1861 * cchName [I/O] Number of characters in lpName. 1862 * 1863 * RETURNS 1864 * Success: TRUE. lpName contains the name of the privilege whose value is 1865 * *lpLuid. 1866 * Failure: FALSE. 1867 * 1868 * REMARKS 1869 * Only well-known privilege names (those defined in winnt.h) can be retrieved 1870 * using this function. 1871 * If the length of lpName is too small, on return *cchName will contain the 1872 * number of WCHARs needed to contain the privilege, including the NULL 1873 * terminator, and GetLastError will return ERROR_INSUFFICIENT_BUFFER. 1874 * On success, *cchName will contain the number of characters stored in 1875 * lpName, NOT including the NULL terminator. 1876 */ 1877 BOOL WINAPI 1878 LookupPrivilegeNameW( LPCWSTR lpSystemName, PLUID lpLuid, LPWSTR lpName, 1879 LPDWORD cchName) 1880 { 1881 size_t privNameLen; 1882 1883 TRACE("%s,%p,%p,%p\n",debugstr_w(lpSystemName), lpLuid, lpName, cchName); 1884 1885 if (!ADVAPI_IsLocalComputer(lpSystemName)) 1886 { 1887 SetLastError(RPC_S_SERVER_UNAVAILABLE); 1888 return FALSE; 1889 } 1890 if (lpLuid->HighPart || (lpLuid->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE || 1891 lpLuid->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE)) 1892 { 1893 SetLastError(ERROR_NO_SUCH_PRIVILEGE); 1894 return FALSE; 1895 } 1896 privNameLen = strlenW(WellKnownPrivNames[lpLuid->LowPart]); 1897 /* Windows crashes if cchName is NULL, so will I */ 1898 if (*cchName <= privNameLen) 1899 { 1900 *cchName = privNameLen + 1; 1901 SetLastError(ERROR_INSUFFICIENT_BUFFER); 1902 return FALSE; 1903 } 1904 else 1905 { 1906 strcpyW(lpName, WellKnownPrivNames[lpLuid->LowPart]); 1907 *cchName = privNameLen; 1908 return TRUE; 1909 } 1910 } 1911 1912 /****************************************************************************** 1913 * GetFileSecurityA [ADVAPI32.@] 1914 * 1915 * Obtains Specified information about the security of a file or directory. 1916 * 1917 * PARAMS 1918 * lpFileName [I] Name of the file to get info for 1919 * RequestedInformation [I] SE_ flags from "winnt.h" 1920 * pSecurityDescriptor [O] Destination for security information 1921 * nLength [I] Length of pSecurityDescriptor 1922 * lpnLengthNeeded [O] Destination for length of returned security information 1923 * 1924 * RETURNS 1925 * Success: TRUE. pSecurityDescriptor contains the requested information. 1926 * Failure: FALSE. lpnLengthNeeded contains the required space to return the info. 1927 * 1928 * NOTES 1929 * The information returned is constrained by the callers access rights and 1930 * privileges. 1931 */ 1932 BOOL WINAPI 1933 GetFileSecurityA( LPCSTR lpFileName, 1934 SECURITY_INFORMATION RequestedInformation, 1935 PSECURITY_DESCRIPTOR pSecurityDescriptor, 1936 DWORD nLength, LPDWORD lpnLengthNeeded ) 1937 { 1938 DWORD len; 1939 BOOL r; 1940 LPWSTR name = NULL; 1941 1942 if( lpFileName ) 1943 { 1944 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 ); 1945 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) ); 1946 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len ); 1947 } 1948 1949 r = GetFileSecurityW( name, RequestedInformation, pSecurityDescriptor, 1950 nLength, lpnLengthNeeded ); 1951 HeapFree( GetProcessHeap(), 0, name ); 1952 1953 return r; 1954 } 1955 1956 /****************************************************************************** 1957 * GetFileSecurityW [ADVAPI32.@] 1958 * 1959 * See GetFileSecurityA. 1960 */ 1961 BOOL WINAPI 1962 GetFileSecurityW( LPCWSTR lpFileName, 1963 SECURITY_INFORMATION RequestedInformation, 1964 PSECURITY_DESCRIPTOR pSecurityDescriptor, 1965 DWORD nLength, LPDWORD lpnLengthNeeded ) 1966 { 1967 HANDLE hfile; 1968 NTSTATUS status; 1969 DWORD access = 0; 1970 1971 TRACE("(%s,%d,%p,%d,%p)\n", debugstr_w(lpFileName), 1972 RequestedInformation, pSecurityDescriptor, 1973 nLength, lpnLengthNeeded); 1974 1975 if (RequestedInformation & (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION| 1976 DACL_SECURITY_INFORMATION)) 1977 access |= READ_CONTROL; 1978 if (RequestedInformation & SACL_SECURITY_INFORMATION) 1979 access |= ACCESS_SYSTEM_SECURITY; 1980 1981 hfile = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, 1982 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0 ); 1983 if ( hfile == INVALID_HANDLE_VALUE ) 1984 return FALSE; 1985 1986 status = NtQuerySecurityObject( hfile, RequestedInformation, pSecurityDescriptor, 1987 nLength, lpnLengthNeeded ); 1988 CloseHandle( hfile ); 1989 return set_ntstatus( status ); 1990 } 1991 1992 1993 /****************************************************************************** 1994 * LookupAccountSidA [ADVAPI32.@] 1995 */ 1996 BOOL WINAPI 1997 LookupAccountSidA( 1998 IN LPCSTR system, 1999 IN PSID sid, 2000 OUT LPSTR account, 2001 IN OUT LPDWORD accountSize, 2002 OUT LPSTR domain, 2003 IN OUT LPDWORD domainSize, 2004 OUT PSID_NAME_USE name_use ) 2005 { 2006 DWORD len; 2007 BOOL r; 2008 LPWSTR systemW = NULL; 2009 LPWSTR accountW = NULL; 2010 LPWSTR domainW = NULL; 2011 DWORD accountSizeW = *accountSize; 2012 DWORD domainSizeW = *domainSize; 2013 2014 if (system) { 2015 len = MultiByteToWideChar( CP_ACP, 0, system, -1, NULL, 0 ); 2016 systemW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ); 2017 MultiByteToWideChar( CP_ACP, 0, system, -1, systemW, len ); 2018 } 2019 if (account) 2020 accountW = HeapAlloc( GetProcessHeap(), 0, accountSizeW * sizeof(WCHAR) ); 2021 if (domain) 2022 domainW = HeapAlloc( GetProcessHeap(), 0, domainSizeW * sizeof(WCHAR) ); 2023 2024 r = LookupAccountSidW( systemW, sid, accountW, &accountSizeW, domainW, &domainSizeW, name_use ); 2025 2026 if (r) { 2027 if (accountW && *accountSize) { 2028 len = WideCharToMultiByte( CP_ACP, 0, accountW, -1, NULL, 0, NULL, NULL ); 2029 WideCharToMultiByte( CP_ACP, 0, accountW, -1, account, len, NULL, NULL ); 2030 *accountSize = len; 2031 } else 2032 *accountSize = accountSizeW + 1; 2033 2034 if (domainW && *domainSize) { 2035 len = WideCharToMultiByte( CP_ACP, 0, domainW, -1, NULL, 0, NULL, NULL ); 2036 WideCharToMultiByte( CP_ACP, 0, domainW, -1, domain, len, NULL, NULL ); 2037 *domainSize = len; 2038 } else 2039 *domainSize = domainSizeW + 1; 2040 } 2041 else 2042 { 2043 *accountSize = accountSizeW + 1; 2044 *domainSize = domainSizeW + 1; 2045 } 2046 2047 HeapFree( GetProcessHeap(), 0, systemW ); 2048 HeapFree( GetProcessHeap(), 0, accountW ); 2049 HeapFree( GetProcessHeap(), 0, domainW ); 2050 2051 return r; 2052 } 2053 2054 /****************************************************************************** 2055 * LookupAccountSidW [ADVAPI32.@] 2056 * 2057 * PARAMS 2058 * system [] 2059 * sid [] 2060 * account [] 2061 * accountSize [] 2062 * domain [] 2063 * domainSize [] 2064 * name_use [] 2065 */ 2066 2067 BOOL WINAPI 2068 LookupAccountSidW( 2069 IN LPCWSTR system, 2070 IN PSID sid, 2071 OUT LPWSTR account, 2072 IN OUT LPDWORD accountSize, 2073 OUT LPWSTR domain, 2074 IN OUT LPDWORD domainSize, 2075 OUT PSID_NAME_USE name_use ) 2076 { 2077 unsigned int i, j; 2078 const WCHAR * ac = NULL; 2079 const WCHAR * dm = NULL; 2080 SID_NAME_USE use = 0; 2081 LPWSTR computer_name = NULL; 2082 LPWSTR account_name = NULL; 2083 2084 TRACE("(%s,sid=%s,%p,%p(%u),%p,%p(%u),%p)\n", 2085 debugstr_w(system),debugstr_sid(sid), 2086 account,accountSize,accountSize?*accountSize:0, 2087 domain,domainSize,domainSize?*domainSize:0, 2088 name_use); 2089 2090 if (!ADVAPI_IsLocalComputer(system)) { 2091 FIXME("Only local computer supported!\n"); 2092 SetLastError(RPC_S_SERVER_UNAVAILABLE); 2093 return FALSE; 2094 } 2095 2096 /* check the well known SIDs first */ 2097 for (i = 0; i <= 60; i++) { 2098 if (IsWellKnownSid(sid, i)) { 2099 for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) { 2100 if (ACCOUNT_SIDS[j].type == i) { 2101 ac = ACCOUNT_SIDS[j].account; 2102 dm = ACCOUNT_SIDS[j].domain; 2103 use = ACCOUNT_SIDS[j].name_use; 2104 } 2105 } 2106 break; 2107 } 2108 } 2109 2110 if (dm == NULL) { 2111 MAX_SID local; 2112 2113 /* check for the local computer next */ 2114 if (ADVAPI_GetComputerSid(&local)) { 2115 DWORD size = MAX_COMPUTERNAME_LENGTH + 1; 2116 BOOL result; 2117 2118 computer_name = HeapAlloc(GetProcessHeap(), 0, size * sizeof(WCHAR)); 2119 result = GetComputerNameW(computer_name, &size); 2120 2121 if (result) { 2122 if (EqualSid(sid, &local)) { 2123 dm = computer_name; 2124 ac = Blank; 2125 use = 3; 2126 } else { 2127 local.SubAuthorityCount++; 2128 2129 if (EqualPrefixSid(sid, &local)) { 2130 dm = computer_name; 2131 use = 1; 2132 switch (((MAX_SID *)sid)->SubAuthority[4]) { 2133 case DOMAIN_USER_RID_ADMIN: 2134 ac = Administrator; 2135 break; 2136 case DOMAIN_USER_RID_GUEST: 2137 ac = Guest; 2138 break; 2139 case DOMAIN_GROUP_RID_ADMINS: 2140 ac = Domain_Admins; 2141 break; 2142 case DOMAIN_GROUP_RID_USERS: 2143 ac = Domain_Users; 2144 break; 2145 case DOMAIN_GROUP_RID_GUESTS: 2146 ac = Domain_Guests; 2147 break; 2148 case DOMAIN_GROUP_RID_COMPUTERS: 2149 ac = Domain_Computers; 2150 break; 2151 case DOMAIN_GROUP_RID_CONTROLLERS: 2152 ac = Domain_Controllers; 2153 break; 2154 case DOMAIN_GROUP_RID_CERT_ADMINS: 2155 ac = Cert_Publishers; 2156 break; 2157 case DOMAIN_GROUP_RID_SCHEMA_ADMINS: 2158 ac = Schema_Admins; 2159 break; 2160 case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS: 2161 ac = Enterprise_Admins; 2162 break; 2163 case DOMAIN_GROUP_RID_POLICY_ADMINS: 2164 ac = Group_Policy_Creator_Owners; 2165 break; 2166 case DOMAIN_ALIAS_RID_RAS_SERVERS: 2167 ac = RAS_and_IAS_Servers; 2168 break; 2169 case 1000: /* first user account */ 2170 size = UNLEN + 1; 2171 account_name = HeapAlloc( 2172 GetProcessHeap(), 0, size * sizeof(WCHAR)); 2173 if (GetUserNameW(account_name, &size)) 2174 ac = account_name; 2175 else 2176 dm = NULL; 2177 2178 break; 2179 default: 2180 dm = NULL; 2181 break; 2182 } 2183 } 2184 } 2185 } 2186 } 2187 } 2188 2189 if (dm) { 2190 DWORD ac_len = lstrlenW(ac); 2191 DWORD dm_len = lstrlenW(dm); 2192 BOOL status = TRUE; 2193 2194 if (*accountSize > ac_len) { 2195 if (account) 2196 lstrcpyW(account, ac); 2197 } 2198 if (*domainSize > dm_len) { 2199 if (domain) 2200 lstrcpyW(domain, dm); 2201 } 2202 if ((*accountSize && *accountSize < ac_len) || 2203 (!account && !*accountSize && ac_len) || 2204 (*domainSize && *domainSize < dm_len) || 2205 (!domain && !*domainSize && dm_len)) 2206 { 2207 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2208 status = FALSE; 2209 } 2210 if (*domainSize) 2211 *domainSize = dm_len; 2212 else 2213 *domainSize = dm_len + 1; 2214 if (*accountSize) 2215 *accountSize = ac_len; 2216 else 2217 *accountSize = ac_len + 1; 2218 2219 HeapFree(GetProcessHeap(), 0, account_name); 2220 HeapFree(GetProcessHeap(), 0, computer_name); 2221 if (status) *name_use = use; 2222 return status; 2223 } 2224 2225 HeapFree(GetProcessHeap(), 0, account_name); 2226 HeapFree(GetProcessHeap(), 0, computer_name); 2227 SetLastError(ERROR_NONE_MAPPED); 2228 return FALSE; 2229 } 2230 2231 /****************************************************************************** 2232 * SetFileSecurityA [ADVAPI32.@] 2233 * 2234 * See SetFileSecurityW. 2235 */ 2236 BOOL WINAPI SetFileSecurityA( LPCSTR lpFileName, 2237 SECURITY_INFORMATION RequestedInformation, 2238 PSECURITY_DESCRIPTOR pSecurityDescriptor) 2239 { 2240 DWORD len; 2241 BOOL r; 2242 LPWSTR name = NULL; 2243 2244 if( lpFileName ) 2245 { 2246 len = MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, NULL, 0 ); 2247 name = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR) ); 2248 MultiByteToWideChar( CP_ACP, 0, lpFileName, -1, name, len ); 2249 } 2250 2251 r = SetFileSecurityW( name, RequestedInformation, pSecurityDescriptor ); 2252 HeapFree( GetProcessHeap(), 0, name ); 2253 2254 return r; 2255 } 2256 2257 /****************************************************************************** 2258 * SetFileSecurityW [ADVAPI32.@] 2259 * 2260 * Sets the security of a file or directory. 2261 * 2262 * PARAMS 2263 * lpFileName [] 2264 * RequestedInformation [] 2265 * pSecurityDescriptor [] 2266 * 2267 * RETURNS 2268 * Success: TRUE. 2269 * Failure: FALSE. 2270 */ 2271 BOOL WINAPI 2272 SetFileSecurityW( LPCWSTR lpFileName, 2273 SECURITY_INFORMATION RequestedInformation, 2274 PSECURITY_DESCRIPTOR pSecurityDescriptor ) 2275 { 2276 HANDLE file; 2277 DWORD access = 0; 2278 NTSTATUS status; 2279 2280 TRACE("(%s, 0x%x, %p)\n", debugstr_w(lpFileName), RequestedInformation, 2281 pSecurityDescriptor ); 2282 2283 if (RequestedInformation & OWNER_SECURITY_INFORMATION || 2284 RequestedInformation & GROUP_SECURITY_INFORMATION) 2285 access |= WRITE_OWNER; 2286 if (RequestedInformation & SACL_SECURITY_INFORMATION) 2287 access |= ACCESS_SYSTEM_SECURITY; 2288 if (RequestedInformation & DACL_SECURITY_INFORMATION) 2289 access |= WRITE_DAC; 2290 2291 file = CreateFileW( lpFileName, access, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, 2292 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL ); 2293 if (file == INVALID_HANDLE_VALUE) 2294 return FALSE; 2295 2296 status = NtSetSecurityObject( file, RequestedInformation, pSecurityDescriptor ); 2297 CloseHandle( file ); 2298 return set_ntstatus( status ); 2299 } 2300 2301 /****************************************************************************** 2302 * QueryWindows31FilesMigration [ADVAPI32.@] 2303 * 2304 * PARAMS 2305 * x1 [] 2306 */ 2307 BOOL WINAPI 2308 QueryWindows31FilesMigration( DWORD x1 ) 2309 { 2310 FIXME("(%d):stub\n",x1); 2311 return TRUE; 2312 } 2313 2314 /****************************************************************************** 2315 * SynchronizeWindows31FilesAndWindowsNTRegistry [ADVAPI32.@] 2316 * 2317 * PARAMS 2318 * x1 [] 2319 * x2 [] 2320 * x3 [] 2321 * x4 [] 2322 */ 2323 BOOL WINAPI 2324 SynchronizeWindows31FilesAndWindowsNTRegistry( DWORD x1, DWORD x2, DWORD x3, 2325 DWORD x4 ) 2326 { 2327 FIXME("(0x%08x,0x%08x,0x%08x,0x%08x):stub\n",x1,x2,x3,x4); 2328 return TRUE; 2329 } 2330 2331 /****************************************************************************** 2332 * NotifyBootConfigStatus [ADVAPI32.@] 2333 * 2334 * PARAMS 2335 * x1 [] 2336 */ 2337 BOOL WINAPI 2338 NotifyBootConfigStatus( BOOL x1 ) 2339 { 2340 FIXME("(0x%08d):stub\n",x1); 2341 return 1; 2342 } 2343 2344 /****************************************************************************** 2345 * RevertToSelf [ADVAPI32.@] 2346 * 2347 * Ends the impersonation of a user. 2348 * 2349 * PARAMS 2350 * void [] 2351 * 2352 * RETURNS 2353 * Success: TRUE. 2354 * Failure: FALSE. 2355 */ 2356 BOOL WINAPI 2357 RevertToSelf( void ) 2358 { 2359 HANDLE Token = NULL; 2360 return set_ntstatus( NtSetInformationThread( GetCurrentThread(), 2361 ThreadImpersonationToken, &Token, sizeof(Token) ) ); 2362 } 2363 2364 /****************************************************************************** 2365 * ImpersonateSelf [ADVAPI32.@] 2366 * 2367 * Makes an impersonation token that represents the process user and assigns 2368 * to the current thread. 2369 * 2370 * PARAMS 2371 * ImpersonationLevel [I] Level at which to impersonate. 2372 * 2373 * RETURNS 2374 * Success: TRUE. 2375 * Failure: FALSE. 2376 */ 2377 BOOL WINAPI 2378 ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) 2379 { 2380 return set_ntstatus( RtlImpersonateSelf( ImpersonationLevel ) ); 2381 } 2382 2383 /****************************************************************************** 2384 * ImpersonateLoggedOnUser [ADVAPI32.@] 2385 */ 2386 BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken) 2387 { 2388 DWORD size; 2389 NTSTATUS Status; 2390 HANDLE ImpersonationToken; 2391 TOKEN_TYPE Type; 2392 static BOOL warn = TRUE; 2393 2394 if (warn) 2395 { 2396 FIXME( "(%p)\n", hToken ); 2397 warn = FALSE; 2398 } 2399 if (!GetTokenInformation( hToken, TokenType, &Type, 2400 sizeof(TOKEN_TYPE), &size )) 2401 return FALSE; 2402 2403 if (Type == TokenPrimary) 2404 { 2405 OBJECT_ATTRIBUTES ObjectAttributes; 2406 2407 InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL ); 2408 2409 Status = NtDuplicateToken( hToken, 2410 TOKEN_IMPERSONATE | TOKEN_QUERY, 2411 &ObjectAttributes, 2412 SecurityImpersonation, 2413 TokenImpersonation, 2414 &ImpersonationToken ); 2415 if (Status != STATUS_SUCCESS) 2416 { 2417 ERR( "NtDuplicateToken failed with error 0x%08x\n", Status ); 2418 SetLastError( RtlNtStatusToDosError( Status ) ); 2419 return FALSE; 2420 } 2421 } 2422 else 2423 ImpersonationToken = hToken; 2424 2425 Status = NtSetInformationThread( GetCurrentThread(), 2426 ThreadImpersonationToken, 2427 &ImpersonationToken, 2428 sizeof(ImpersonationToken) ); 2429 2430 if (Type == TokenPrimary) 2431 NtClose( ImpersonationToken ); 2432 2433 if (Status != STATUS_SUCCESS) 2434 { 2435 ERR( "NtSetInformationThread failed with error 0x%08x\n", Status ); 2436 SetLastError( RtlNtStatusToDosError( Status ) ); 2437 return FALSE; 2438 } 2439 2440 return TRUE; 2441 } 2442 2443 /****************************************************************************** 2444 * AccessCheck [ADVAPI32.@] 2445 */ 2446 BOOL WINAPI 2447 AccessCheck( 2448 PSECURITY_DESCRIPTOR SecurityDescriptor, 2449 HANDLE ClientToken, 2450 DWORD DesiredAccess, 2451 PGENERIC_MAPPING GenericMapping, 2452 PPRIVILEGE_SET PrivilegeSet, 2453 LPDWORD PrivilegeSetLength, 2454 LPDWORD GrantedAccess, 2455 LPBOOL AccessStatus) 2456 { 2457 NTSTATUS access_status; 2458 BOOL ret = set_ntstatus( NtAccessCheck(SecurityDescriptor, ClientToken, DesiredAccess, 2459 GenericMapping, PrivilegeSet, PrivilegeSetLength, 2460 GrantedAccess, &access_status) ); 2461 if (ret) *AccessStatus = set_ntstatus( access_status ); 2462 return ret; 2463 } 2464 2465 2466 /****************************************************************************** 2467 * AccessCheckByType [ADVAPI32.@] 2468 */ 2469 BOOL WINAPI AccessCheckByType( 2470 PSECURITY_DESCRIPTOR pSecurityDescriptor, 2471 PSID PrincipalSelfSid, 2472 HANDLE ClientToken, 2473 DWORD DesiredAccess, 2474 POBJECT_TYPE_LIST ObjectTypeList, 2475 DWORD ObjectTypeListLength, 2476 PGENERIC_MAPPING GenericMapping, 2477 PPRIVILEGE_SET PrivilegeSet, 2478 LPDWORD PrivilegeSetLength, 2479 LPDWORD GrantedAccess, 2480 LPBOOL AccessStatus) 2481 { 2482 FIXME("stub\n"); 2483 2484 *AccessStatus = TRUE; 2485 2486 return !*AccessStatus; 2487 } 2488 2489 /****************************************************************************** 2490 * MapGenericMask [ADVAPI32.@] 2491 * 2492 * Maps generic access rights into specific access rights according to the 2493 * supplied mapping. 2494 * 2495 * PARAMS 2496 * AccessMask [I/O] Access rights. 2497 * GenericMapping [I] The mapping between generic and specific rights. 2498 * 2499 * RETURNS 2500 * Nothing. 2501 */ 2502 VOID WINAPI MapGenericMask( PDWORD AccessMask, PGENERIC_MAPPING GenericMapping ) 2503 { 2504 RtlMapGenericMask( AccessMask, GenericMapping ); 2505 } 2506 2507 /************************************************************************* 2508 * SetKernelObjectSecurity [ADVAPI32.@] 2509 */ 2510 BOOL WINAPI SetKernelObjectSecurity ( 2511 IN HANDLE Handle, 2512 IN SECURITY_INFORMATION SecurityInformation, 2513 IN PSECURITY_DESCRIPTOR SecurityDescriptor ) 2514 { 2515 return set_ntstatus (NtSetSecurityObject (Handle, SecurityInformation, SecurityDescriptor)); 2516 } 2517 2518 2519 /****************************************************************************** 2520 * AddAuditAccessAce [ADVAPI32.@] 2521 */ 2522 BOOL WINAPI AddAuditAccessAce( 2523 IN OUT PACL pAcl, 2524 IN DWORD dwAceRevision, 2525 IN DWORD dwAccessMask, 2526 IN PSID pSid, 2527 IN BOOL bAuditSuccess, 2528 IN BOOL bAuditFailure) 2529 { 2530 return set_ntstatus( RtlAddAuditAccessAce(pAcl, dwAceRevision, dwAccessMask, pSid, 2531 bAuditSuccess, bAuditFailure) ); 2532 } 2533 2534 /****************************************************************************** 2535 * AddAuditAccessAce [ADVAPI32.@] 2536 */ 2537 BOOL WINAPI AddAuditAccessAceEx( 2538 IN OUT PACL pAcl, 2539 IN DWORD dwAceRevision, 2540 IN DWORD dwAceFlags, 2541 IN DWORD dwAccessMask, 2542 IN PSID pSid, 2543 IN BOOL bAuditSuccess, 2544 IN BOOL bAuditFailure) 2545 { 2546 return set_ntstatus( RtlAddAuditAccessAceEx(pAcl, dwAceRevision, dwAceFlags, dwAccessMask, pSid, 2547 bAuditSuccess, bAuditFailure) ); 2548 } 2549 2550 /****************************************************************************** 2551 * LookupAccountNameA [ADVAPI32.@] 2552 */ 2553 BOOL WINAPI 2554 LookupAccountNameA( 2555 IN LPCSTR system, 2556 IN LPCSTR account, 2557 OUT PSID sid, 2558 OUT LPDWORD cbSid, 2559 LPSTR ReferencedDomainName, 2560 IN OUT LPDWORD cbReferencedDomainName, 2561 OUT PSID_NAME_USE name_use ) 2562 { 2563 BOOL ret; 2564 UNICODE_STRING lpSystemW; 2565 UNICODE_STRING lpAccountW; 2566 LPWSTR lpReferencedDomainNameW = NULL; 2567 2568 RtlCreateUnicodeStringFromAsciiz(&lpSystemW, system); 2569 RtlCreateUnicodeStringFromAsciiz(&lpAccountW, account); 2570 2571 if (ReferencedDomainName) 2572 lpReferencedDomainNameW = HeapAlloc(GetProcessHeap(), 0, *cbReferencedDomainName * sizeof(WCHAR)); 2573 2574 ret = LookupAccountNameW(lpSystemW.Buffer, lpAccountW.Buffer, sid, cbSid, lpReferencedDomainNameW, 2575 cbReferencedDomainName, name_use); 2576 2577 if (ret && lpReferencedDomainNameW) 2578 { 2579 WideCharToMultiByte(CP_ACP, 0, lpReferencedDomainNameW, -1, 2580 ReferencedDomainName, *cbReferencedDomainName+1, NULL, NULL); 2581 } 2582 2583 RtlFreeUnicodeString(&lpSystemW); 2584 RtlFreeUnicodeString(&lpAccountW); 2585 HeapFree(GetProcessHeap(), 0, lpReferencedDomainNameW); 2586 2587 return ret; 2588 } 2589 2590 /****************************************************************************** 2591 * lookup_user_account_name 2592 */ 2593 static BOOL lookup_user_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName, 2594 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse ) 2595 { 2596 char buffer[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES]; 2597 DWORD len = sizeof(buffer); 2598 HANDLE token; 2599 BOOL ret; 2600 PSID pSid; 2601 WCHAR domainName[MAX_COMPUTERNAME_LENGTH + 1]; 2602 DWORD nameLen; 2603 2604 if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token)) 2605 { 2606 if (GetLastError() != ERROR_NO_TOKEN) return FALSE; 2607 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) return FALSE; 2608 } 2609 2610 ret = GetTokenInformation(token, TokenUser, buffer, len, &len); 2611 CloseHandle( token ); 2612 2613 if (!ret) return FALSE; 2614 2615 pSid = ((TOKEN_USER *)buffer)->User.Sid; 2616 2617 if (Sid != NULL && (*cbSid >= GetLengthSid(pSid))) 2618 CopySid(*cbSid, Sid, pSid); 2619 if (*cbSid < GetLengthSid(pSid)) 2620 { 2621 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2622 ret = FALSE; 2623 } 2624 *cbSid = GetLengthSid(pSid); 2625 2626 nameLen = MAX_COMPUTERNAME_LENGTH + 1; 2627 if (!GetComputerNameW(domainName, &nameLen)) 2628 { 2629 domainName[0] = 0; 2630 nameLen = 0; 2631 } 2632 if (*cchReferencedDomainName <= nameLen || !ret) 2633 { 2634 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2635 nameLen += 1; 2636 ret = FALSE; 2637 } 2638 else if (ReferencedDomainName) 2639 strcpyW(ReferencedDomainName, domainName); 2640 2641 *cchReferencedDomainName = nameLen; 2642 2643 if (ret) 2644 *peUse = SidTypeUser; 2645 2646 return ret; 2647 } 2648 2649 /****************************************************************************** 2650 * lookup_computer_account_name 2651 */ 2652 static BOOL lookup_computer_account_name(PSID Sid, PDWORD cbSid, LPWSTR ReferencedDomainName, 2653 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse ) 2654 { 2655 MAX_SID local; 2656 BOOL ret; 2657 WCHAR domainName[MAX_COMPUTERNAME_LENGTH + 1]; 2658 DWORD nameLen; 2659 2660 if ((ret = ADVAPI_GetComputerSid(&local))) 2661 { 2662 if (Sid != NULL && (*cbSid >= GetLengthSid(&local))) 2663 CopySid(*cbSid, Sid, &local); 2664 if (*cbSid < GetLengthSid(&local)) 2665 { 2666 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2667 ret = FALSE; 2668 } 2669 *cbSid = GetLengthSid(&local); 2670 } 2671 2672 nameLen = MAX_COMPUTERNAME_LENGTH + 1; 2673 if (!GetComputerNameW(domainName, &nameLen)) 2674 { 2675 domainName[0] = 0; 2676 nameLen = 0; 2677 } 2678 if (*cchReferencedDomainName <= nameLen || !ret) 2679 { 2680 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2681 nameLen += 1; 2682 ret = FALSE; 2683 } 2684 else if (ReferencedDomainName) 2685 strcpyW(ReferencedDomainName, domainName); 2686 2687 *cchReferencedDomainName = nameLen; 2688 2689 if (ret) 2690 *peUse = SidTypeDomain; 2691 2692 return ret; 2693 } 2694 2695 static void split_domain_account( const LSA_UNICODE_STRING *str, LSA_UNICODE_STRING *account, 2696 LSA_UNICODE_STRING *domain ) 2697 { 2698 WCHAR *p = str->Buffer + str->Length / sizeof(WCHAR) - 1; 2699 2700 while (p > str->Buffer && *p != '\\') p--; 2701 2702 if (*p == '\\') 2703 { 2704 domain->Buffer = str->Buffer; 2705 domain->Length = (p - str->Buffer) * sizeof(WCHAR); 2706 2707 account->Buffer = p + 1; 2708 account->Length = str->Length - ((p - str->Buffer + 1) * sizeof(WCHAR)); 2709 } 2710 else 2711 { 2712 domain->Buffer = NULL; 2713 domain->Length = 0; 2714 2715 account->Buffer = str->Buffer; 2716 account->Length = str->Length; 2717 } 2718 } 2719 2720 static BOOL match_domain( ULONG idx, const LSA_UNICODE_STRING *domain ) 2721 { 2722 ULONG len = strlenW( ACCOUNT_SIDS[idx].domain ); 2723 2724 if (len == domain->Length / sizeof(WCHAR) && !strncmpiW( domain->Buffer, ACCOUNT_SIDS[idx].domain, len )) 2725 return TRUE; 2726 2727 return FALSE; 2728 } 2729 2730 static BOOL match_account( ULONG idx, const LSA_UNICODE_STRING *account ) 2731 { 2732 ULONG len = strlenW( ACCOUNT_SIDS[idx].account ); 2733 2734 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].account, len )) 2735 return TRUE; 2736 2737 if (ACCOUNT_SIDS[idx].alias) 2738 { 2739 len = strlenW( ACCOUNT_SIDS[idx].alias ); 2740 if (len == account->Length / sizeof(WCHAR) && !strncmpiW( account->Buffer, ACCOUNT_SIDS[idx].alias, len )) 2741 return TRUE; 2742 } 2743 return FALSE; 2744 } 2745 2746 /* 2747 * Helper function for LookupAccountNameW 2748 */ 2749 BOOL lookup_local_wellknown_name( const LSA_UNICODE_STRING *account_and_domain, 2750 PSID Sid, LPDWORD cbSid, 2751 LPWSTR ReferencedDomainName, 2752 LPDWORD cchReferencedDomainName, 2753 PSID_NAME_USE peUse, BOOL *handled ) 2754 { 2755 PSID pSid; 2756 LSA_UNICODE_STRING account, domain; 2757 BOOL ret = TRUE; 2758 ULONG i; 2759 2760 *handled = FALSE; 2761 split_domain_account( account_and_domain, &account, &domain ); 2762 2763 for (i = 0; i < sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0]); i++) 2764 { 2765 /* check domain first */ 2766 if (domain.Buffer && !match_domain( i, &domain )) continue; 2767 2768 if (match_account( i, &account )) 2769 { 2770 DWORD len, sidLen = SECURITY_MAX_SID_SIZE; 2771 2772 if (!(pSid = HeapAlloc( GetProcessHeap(), 0, sidLen ))) return FALSE; 2773 2774 if ((ret = CreateWellKnownSid( ACCOUNT_SIDS[i].type, NULL, pSid, &sidLen ))) 2775 { 2776 if (*cbSid < sidLen) 2777 { 2778 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2779 ret = FALSE; 2780 } 2781 else if (Sid) 2782 { 2783 CopySid(*cbSid, Sid, pSid); 2784 } 2785 *cbSid = sidLen; 2786 } 2787 2788 len = strlenW( ACCOUNT_SIDS[i].domain ); 2789 if (*cchReferencedDomainName <= len || !ret) 2790 { 2791 SetLastError(ERROR_INSUFFICIENT_BUFFER); 2792 len++; 2793 ret = FALSE; 2794 } 2795 else if (ReferencedDomainName) 2796 { 2797 strcpyW( ReferencedDomainName, ACCOUNT_SIDS[i].domain ); 2798 } 2799 2800 *cchReferencedDomainName = len; 2801 if (ret) 2802 *peUse = ACCOUNT_SIDS[i].name_use; 2803 2804 HeapFree(GetProcessHeap(), 0, pSid); 2805 *handled = TRUE; 2806 return ret; 2807 } 2808 } 2809 return ret; 2810 } 2811 2812 BOOL lookup_local_user_name( const LSA_UNICODE_STRING *account_and_domain, 2813 PSID Sid, LPDWORD cbSid, 2814 LPWSTR ReferencedDomainName, 2815 LPDWORD cchReferencedDomainName, 2816 PSID_NAME_USE peUse, BOOL *handled ) 2817 { 2818 DWORD nameLen; 2819 LPWSTR userName = NULL; 2820 LSA_UNICODE_STRING account, domain; 2821 BOOL ret = TRUE; 2822 2823 *handled = FALSE; 2824 split_domain_account( account_and_domain, &account, &domain ); 2825 2826 /* Let the current Unix user id masquerade as first Windows user account */ 2827 2828 nameLen = UNLEN + 1; 2829 if (!(userName = HeapAlloc( GetProcessHeap(), 0, nameLen * sizeof(WCHAR) ))) return FALSE; 2830 2831 if (domain.Buffer) 2832 { 2833 /* check to make sure this account is on this computer */ 2834 if (GetComputerNameW( userName, &nameLen ) && 2835 (domain.Length / sizeof(WCHAR) != nameLen || strncmpW( domain.Buffer, userName, nameLen ))) 2836 { 2837 SetLastError(ERROR_NONE_MAPPED); 2838 ret = FALSE; 2839 } 2840 nameLen = UNLEN + 1; 2841 } 2842 2843 if (GetUserNameW( userName, &nameLen ) && 2844 account.Length / sizeof(WCHAR) == nameLen - 1 && !strncmpW( account.Buffer, userName, nameLen - 1 )) 2845 { 2846 ret = lookup_user_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse ); 2847 *handled = TRUE; 2848 } 2849 else 2850 { 2851 nameLen = UNLEN + 1; 2852 if (GetComputerNameW( userName, &nameLen ) && 2853 account.Length / sizeof(WCHAR) == nameLen && !strncmpW( account.Buffer, userName , nameLen )) 2854 { 2855 ret = lookup_computer_account_name( Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse ); 2856 *handled = TRUE; 2857 } 2858 } 2859 2860 HeapFree(GetProcessHeap(), 0, userName); 2861 return ret; 2862 } 2863 2864 /****************************************************************************** 2865 * LookupAccountNameW [ADVAPI32.@] 2866 */ 2867 BOOL WINAPI LookupAccountNameW( LPCWSTR lpSystemName, LPCWSTR lpAccountName, PSID Sid, 2868 LPDWORD cbSid, LPWSTR ReferencedDomainName, 2869 LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse ) 2870 { 2871 BOOL ret, handled; 2872 LSA_UNICODE_STRING account; 2873 2874 TRACE("%s %s %p %p %p %p %p\n", debugstr_w(lpSystemName), debugstr_w(lpAccountName), 2875 Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse); 2876 2877 if (!ADVAPI_IsLocalComputer( lpSystemName )) 2878 { 2879 FIXME("remote computer not supported\n"); 2880 SetLastError( RPC_S_SERVER_UNAVAILABLE ); 2881 return FALSE; 2882 } 2883 2884 if (!lpAccountName || !strcmpW( lpAccountName, Blank )) 2885 { 2886 lpAccountName = BUILTIN; 2887 } 2888 2889 RtlInitUnicodeString( &account, lpAccountName ); 2890 2891 /* Check well known SIDs first */ 2892 ret = lookup_local_wellknown_name( &account, Sid, cbSid, ReferencedDomainName, 2893 cchReferencedDomainName, peUse, &handled ); 2894 if (handled) 2895 return ret; 2896 2897 /* Check user names */ 2898 ret = lookup_local_user_name( &account, Sid, cbSid, ReferencedDomainName, 2899 cchReferencedDomainName, peUse, &handled); 2900 if (handled) 2901 return ret; 2902 2903 SetLastError( ERROR_NONE_MAPPED ); 2904 return FALSE; 2905 } 2906 2907 /****************************************************************************** 2908 * PrivilegeCheck [ADVAPI32.@] 2909 */ 2910 BOOL WINAPI PrivilegeCheck( HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult) 2911 { 2912 BOOL ret; 2913 BOOLEAN Result; 2914 2915 TRACE("%p %p %p\n", ClientToken, RequiredPrivileges, pfResult); 2916 2917 ret = set_ntstatus (NtPrivilegeCheck (ClientToken, RequiredPrivileges, &Result)); 2918 if (ret) 2919 *pfResult = Result; 2920 return ret; 2921 } 2922 2923 /****************************************************************************** 2924 * AccessCheckAndAuditAlarmA [ADVAPI32.@] 2925 */ 2926 BOOL WINAPI AccessCheckAndAuditAlarmA(LPCSTR Subsystem, LPVOID HandleId, LPSTR ObjectTypeName, 2927 LPSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, 2928 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, 2929 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose) 2930 { 2931 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_a(Subsystem), 2932 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), 2933 SecurityDescriptor, DesiredAccess, GenericMapping, 2934 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose); 2935 return TRUE; 2936 } 2937 2938 /****************************************************************************** 2939 * AccessCheckAndAuditAlarmW [ADVAPI32.@] 2940 */ 2941 BOOL WINAPI AccessCheckAndAuditAlarmW(LPCWSTR Subsystem, LPVOID HandleId, LPWSTR ObjectTypeName, 2942 LPWSTR ObjectName, PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD DesiredAccess, 2943 PGENERIC_MAPPING GenericMapping, BOOL ObjectCreation, LPDWORD GrantedAccess, 2944 LPBOOL AccessStatus, LPBOOL pfGenerateOnClose) 2945 { 2946 FIXME("stub (%s,%p,%s,%s,%p,%08x,%p,%x,%p,%p,%p)\n", debugstr_w(Subsystem), 2947 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), 2948 SecurityDescriptor, DesiredAccess, GenericMapping, 2949 ObjectCreation, GrantedAccess, AccessStatus, pfGenerateOnClose); 2950 return TRUE; 2951 } 2952 2953 BOOL WINAPI ObjectCloseAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose) 2954 { 2955 FIXME("stub (%s,%p,%x)\n", debugstr_a(SubsystemName), HandleId, GenerateOnClose); 2956 2957 return TRUE; 2958 } 2959 2960 BOOL WINAPI ObjectCloseAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose) 2961 { 2962 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose); 2963 2964 return TRUE; 2965 } 2966 2967 BOOL WINAPI ObjectDeleteAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, BOOL GenerateOnClose) 2968 { 2969 FIXME("stub (%s,%p,%x)\n", debugstr_w(SubsystemName), HandleId, GenerateOnClose); 2970 2971 return TRUE; 2972 } 2973 2974 BOOL WINAPI ObjectOpenAuditAlarmA(LPCSTR SubsystemName, LPVOID HandleId, LPSTR ObjectTypeName, 2975 LPSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, 2976 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, 2977 LPBOOL GenerateOnClose) 2978 { 2979 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_a(SubsystemName), 2980 HandleId, debugstr_a(ObjectTypeName), debugstr_a(ObjectName), pSecurityDescriptor, 2981 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted, 2982 GenerateOnClose); 2983 2984 return TRUE; 2985 } 2986 2987 BOOL WINAPI ObjectOpenAuditAlarmW(LPCWSTR SubsystemName, LPVOID HandleId, LPWSTR ObjectTypeName, 2988 LPWSTR ObjectName, PSECURITY_DESCRIPTOR pSecurityDescriptor, HANDLE ClientToken, DWORD DesiredAccess, 2989 DWORD GrantedAccess, PPRIVILEGE_SET Privileges, BOOL ObjectCreation, BOOL AccessGranted, 2990 LPBOOL GenerateOnClose) 2991 { 2992 FIXME("stub (%s,%p,%s,%s,%p,%p,0x%08x,0x%08x,%p,%x,%x,%p)\n", debugstr_w(SubsystemName), 2993 HandleId, debugstr_w(ObjectTypeName), debugstr_w(ObjectName), pSecurityDescriptor, 2994 ClientToken, DesiredAccess, GrantedAccess, Privileges, ObjectCreation, AccessGranted, 2995 GenerateOnClose); 2996 2997 return TRUE; 2998 } 2999 3000 BOOL WINAPI ObjectPrivilegeAuditAlarmA( LPCSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, 3001 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted) 3002 { 3003 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_a(SubsystemName), HandleId, ClientToken, 3004 DesiredAccess, Privileges, AccessGranted); 3005 3006 return TRUE; 3007 } 3008 3009 BOOL WINAPI ObjectPrivilegeAuditAlarmW( LPCWSTR SubsystemName, LPVOID HandleId, HANDLE ClientToken, 3010 DWORD DesiredAccess, PPRIVILEGE_SET Privileges, BOOL AccessGranted) 3011 { 3012 FIXME("stub (%s,%p,%p,0x%08x,%p,%x)\n", debugstr_w(SubsystemName), HandleId, ClientToken, 3013 DesiredAccess, Privileges, AccessGranted); 3014 3015 return TRUE; 3016 } 3017 3018 BOOL WINAPI PrivilegedServiceAuditAlarmA( LPCSTR SubsystemName, LPCSTR ServiceName, HANDLE ClientToken, 3019 PPRIVILEGE_SET Privileges, BOOL AccessGranted) 3020 { 3021 FIXME("stub (%s,%s,%p,%p,%x)\n", debugstr_a(SubsystemName), debugstr_a(ServiceName), 3022 ClientToken, Privileges, AccessGranted); 3023 3024 return TRUE; 3025 } 3026 3027 BOOL WINAPI PrivilegedServiceAuditAlarmW( LPCWSTR SubsystemName, LPCWSTR ServiceName, HANDLE ClientToken, 3028 PPRIVILEGE_SET Privileges, BOOL AccessGranted) 3029 { 3030 FIXME("stub %s,%s,%p,%p,%x)\n", debugstr_w(SubsystemName), debugstr_w(ServiceName), 3031 ClientToken, Privileges, AccessGranted); 3032 3033 return TRUE; 3034 } 3035 3036 /****************************************************************************** 3037 * GetSecurityInfo [ADVAPI32.@] 3038 * 3039 * Retrieves a copy of the security descriptor associated with an object. 3040 * 3041 * PARAMS 3042 * hObject [I] A handle for the object. 3043 * ObjectType [I] The type of object. 3044 * SecurityInfo [I] A bitmask indicating what info to retrieve. 3045 * ppsidOwner [O] If non-null, receives a pointer to the owner SID. 3046 * ppsidGroup [O] If non-null, receives a pointer to the group SID. 3047 * ppDacl [O] If non-null, receives a pointer to the DACL. 3048 * ppSacl [O] If non-null, receives a pointer to the SACL. 3049 * ppSecurityDescriptor [O] Receives a pointer to the security descriptor, 3050 * which must be freed with LocalFree. 3051 * 3052 * RETURNS 3053 * ERROR_SUCCESS if all's well, and a WIN32 error code otherwise. 3054 */ 3055 DWORD WINAPI GetSecurityInfo( 3056 HANDLE hObject, SE_OBJECT_TYPE ObjectType, 3057 SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, 3058 PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, 3059 PSECURITY_DESCRIPTOR *ppSecurityDescriptor 3060 ) 3061 { 3062 PSECURITY_DESCRIPTOR sd; 3063 NTSTATUS status; 3064 ULONG n1, n2; 3065 BOOL present, defaulted; 3066 3067 status = NtQuerySecurityObject(hObject, SecurityInfo, NULL, 0, &n1); 3068 if (status != STATUS_BUFFER_TOO_SMALL && status != STATUS_SUCCESS) 3069 return RtlNtStatusToDosError(status); 3070 3071 sd = LocalAlloc(0, n1); 3072 if (!sd) 3073 return ERROR_NOT_ENOUGH_MEMORY; 3074 3075 status = NtQuerySecurityObject(hObject, SecurityInfo, sd, n1, &n2); 3076 if (status != STATUS_SUCCESS) 3077 { 3078 LocalFree(sd); 3079 return RtlNtStatusToDosError(status); 3080 } 3081 3082 if (ppsidOwner) 3083 { 3084 *ppsidOwner = NULL; 3085 GetSecurityDescriptorOwner(sd, ppsidOwner, &defaulted); 3086 } 3087 if (ppsidGroup) 3088 { 3089 *ppsidGroup = NULL; 3090 GetSecurityDescriptorGroup(sd, ppsidGroup, &defaulted); 3091 } 3092 if (ppDacl) 3093 { 3094 *ppDacl = NULL; 3095 GetSecurityDescriptorDacl(sd, &present, ppDacl, &defaulted); 3096 } 3097 if (ppSacl) 3098 { 3099 *ppSacl = NULL; 3100 GetSecurityDescriptorSacl(sd, &present, ppSacl, &defaulted); 3101 } 3102 if (ppSecurityDescriptor) 3103 *ppSecurityDescriptor = sd; 3104 3105 /* The security descriptor (sd) cannot be freed if ppSecurityDescriptor is 3106 * NULL, because native happily returns the SIDs and ACLs that are requested 3107 * in this case. 3108 */ 3109 3110 return ERROR_SUCCESS; 3111 } 3112 3113 /****************************************************************************** 3114 * GetSecurityInfoExA [ADVAPI32.@] 3115 */ 3116 DWORD WINAPI GetSecurityInfoExA( 3117 HANDLE hObject, SE_OBJECT_TYPE ObjectType, 3118 SECURITY_INFORMATION SecurityInfo, LPCSTR lpProvider, 3119 LPCSTR lpProperty, PACTRL_ACCESSA *ppAccessList, 3120 PACTRL_AUDITA *ppAuditList, LPSTR *lppOwner, LPSTR *lppGroup 3121 ) 3122 { 3123 FIXME("stub!\n"); 3124 return ERROR_BAD_PROVIDER; 3125 } 3126 3127 /****************************************************************************** 3128 * GetSecurityInfoExW [ADVAPI32.@] 3129 */ 3130 DWORD WINAPI GetSecurityInfoExW( 3131 HANDLE hObject, SE_OBJECT_TYPE ObjectType, 3132 SECURITY_INFORMATION SecurityInfo, LPCWSTR lpProvider, 3133 LPCWSTR lpProperty, PACTRL_ACCESSW *ppAccessList, 3134 PACTRL_AUDITW *ppAuditList, LPWSTR *lppOwner, LPWSTR *lppGroup 3135 ) 3136 { 3137 FIXME("stub!\n"); 3138 return ERROR_BAD_PROVIDER; 3139 } 3140 3141 /****************************************************************************** 3142 * BuildExplicitAccessWithNameA [ADVAPI32.@] 3143 */ 3144 VOID WINAPI BuildExplicitAccessWithNameA( PEXPLICIT_ACCESSA pExplicitAccess, 3145 LPSTR pTrusteeName, DWORD AccessPermissions, 3146 ACCESS_MODE AccessMode, DWORD Inheritance ) 3147 { 3148 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_a(pTrusteeName), 3149 AccessPermissions, AccessMode, Inheritance); 3150 3151 pExplicitAccess->grfAccessPermissions = AccessPermissions; 3152 pExplicitAccess->grfAccessMode = AccessMode; 3153 pExplicitAccess->grfInheritance = Inheritance; 3154 3155 pExplicitAccess->Trustee.pMultipleTrustee = NULL; 3156 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3157 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME; 3158 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN; 3159 pExplicitAccess->Trustee.ptstrName = pTrusteeName; 3160 } 3161 3162 /****************************************************************************** 3163 * BuildExplicitAccessWithNameW [ADVAPI32.@] 3164 */ 3165 VOID WINAPI BuildExplicitAccessWithNameW( PEXPLICIT_ACCESSW pExplicitAccess, 3166 LPWSTR pTrusteeName, DWORD AccessPermissions, 3167 ACCESS_MODE AccessMode, DWORD Inheritance ) 3168 { 3169 TRACE("%p %s 0x%08x 0x%08x 0x%08x\n", pExplicitAccess, debugstr_w(pTrusteeName), 3170 AccessPermissions, AccessMode, Inheritance); 3171 3172 pExplicitAccess->grfAccessPermissions = AccessPermissions; 3173 pExplicitAccess->grfAccessMode = AccessMode; 3174 pExplicitAccess->grfInheritance = Inheritance; 3175 3176 pExplicitAccess->Trustee.pMultipleTrustee = NULL; 3177 pExplicitAccess->Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3178 pExplicitAccess->Trustee.TrusteeForm = TRUSTEE_IS_NAME; 3179 pExplicitAccess->Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN; 3180 pExplicitAccess->Trustee.ptstrName = pTrusteeName; 3181 } 3182 3183 /****************************************************************************** 3184 * BuildTrusteeWithObjectsAndNameA [ADVAPI32.@] 3185 */ 3186 VOID WINAPI BuildTrusteeWithObjectsAndNameA( PTRUSTEEA pTrustee, POBJECTS_AND_NAME_A pObjName, 3187 SE_OBJECT_TYPE ObjectType, LPSTR ObjectTypeName, 3188 LPSTR InheritedObjectTypeName, LPSTR Name ) 3189 { 3190 DWORD ObjectsPresent = 0; 3191 3192 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName, 3193 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_a(Name)); 3194 3195 /* Fill the OBJECTS_AND_NAME structure */ 3196 pObjName->ObjectType = ObjectType; 3197 if (ObjectTypeName != NULL) 3198 { 3199 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3200 } 3201 3202 pObjName->InheritedObjectTypeName = InheritedObjectTypeName; 3203 if (InheritedObjectTypeName != NULL) 3204 { 3205 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3206 } 3207 3208 pObjName->ObjectsPresent = ObjectsPresent; 3209 pObjName->ptstrName = Name; 3210 3211 /* Fill the TRUSTEE structure */ 3212 pTrustee->pMultipleTrustee = NULL; 3213 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3214 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME; 3215 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3216 pTrustee->ptstrName = (LPSTR)pObjName; 3217 } 3218 3219 /****************************************************************************** 3220 * BuildTrusteeWithObjectsAndNameW [ADVAPI32.@] 3221 */ 3222 VOID WINAPI BuildTrusteeWithObjectsAndNameW( PTRUSTEEW pTrustee, POBJECTS_AND_NAME_W pObjName, 3223 SE_OBJECT_TYPE ObjectType, LPWSTR ObjectTypeName, 3224 LPWSTR InheritedObjectTypeName, LPWSTR Name ) 3225 { 3226 DWORD ObjectsPresent = 0; 3227 3228 TRACE("%p %p 0x%08x %p %p %s\n", pTrustee, pObjName, 3229 ObjectType, ObjectTypeName, InheritedObjectTypeName, debugstr_w(Name)); 3230 3231 /* Fill the OBJECTS_AND_NAME structure */ 3232 pObjName->ObjectType = ObjectType; 3233 if (ObjectTypeName != NULL) 3234 { 3235 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3236 } 3237 3238 pObjName->InheritedObjectTypeName = InheritedObjectTypeName; 3239 if (InheritedObjectTypeName != NULL) 3240 { 3241 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3242 } 3243 3244 pObjName->ObjectsPresent = ObjectsPresent; 3245 pObjName->ptstrName = Name; 3246 3247 /* Fill the TRUSTEE structure */ 3248 pTrustee->pMultipleTrustee = NULL; 3249 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3250 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_NAME; 3251 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3252 pTrustee->ptstrName = (LPWSTR)pObjName; 3253 } 3254 3255 /****************************************************************************** 3256 * BuildTrusteeWithObjectsAndSidA [ADVAPI32.@] 3257 */ 3258 VOID WINAPI BuildTrusteeWithObjectsAndSidA( PTRUSTEEA pTrustee, POBJECTS_AND_SID pObjSid, 3259 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid ) 3260 { 3261 DWORD ObjectsPresent = 0; 3262 3263 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid); 3264 3265 /* Fill the OBJECTS_AND_SID structure */ 3266 if (pObjectGuid != NULL) 3267 { 3268 pObjSid->ObjectTypeGuid = *pObjectGuid; 3269 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3270 } 3271 else 3272 { 3273 ZeroMemory(&pObjSid->ObjectTypeGuid, 3274 sizeof(GUID)); 3275 } 3276 3277 if (pInheritedObjectGuid != NULL) 3278 { 3279 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid; 3280 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3281 } 3282 else 3283 { 3284 ZeroMemory(&pObjSid->InheritedObjectTypeGuid, 3285 sizeof(GUID)); 3286 } 3287 3288 pObjSid->ObjectsPresent = ObjectsPresent; 3289 pObjSid->pSid = pSid; 3290 3291 /* Fill the TRUSTEE structure */ 3292 pTrustee->pMultipleTrustee = NULL; 3293 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3294 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID; 3295 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3296 pTrustee->ptstrName = (LPSTR) pObjSid; 3297 } 3298 3299 /****************************************************************************** 3300 * BuildTrusteeWithObjectsAndSidW [ADVAPI32.@] 3301 */ 3302 VOID WINAPI BuildTrusteeWithObjectsAndSidW( PTRUSTEEW pTrustee, POBJECTS_AND_SID pObjSid, 3303 GUID* pObjectGuid, GUID* pInheritedObjectGuid, PSID pSid ) 3304 { 3305 DWORD ObjectsPresent = 0; 3306 3307 TRACE("%p %p %p %p %p\n", pTrustee, pObjSid, pObjectGuid, pInheritedObjectGuid, pSid); 3308 3309 /* Fill the OBJECTS_AND_SID structure */ 3310 if (pObjectGuid != NULL) 3311 { 3312 pObjSid->ObjectTypeGuid = *pObjectGuid; 3313 ObjectsPresent |= ACE_OBJECT_TYPE_PRESENT; 3314 } 3315 else 3316 { 3317 ZeroMemory(&pObjSid->ObjectTypeGuid, 3318 sizeof(GUID)); 3319 } 3320 3321 if (pInheritedObjectGuid != NULL) 3322 { 3323 pObjSid->InheritedObjectTypeGuid = *pInheritedObjectGuid; 3324 ObjectsPresent |= ACE_INHERITED_OBJECT_TYPE_PRESENT; 3325 } 3326 else 3327 { 3328 ZeroMemory(&pObjSid->InheritedObjectTypeGuid, 3329 sizeof(GUID)); 3330 } 3331 3332 pObjSid->ObjectsPresent = ObjectsPresent; 3333 pObjSid->pSid = pSid; 3334 3335 /* Fill the TRUSTEE structure */ 3336 pTrustee->pMultipleTrustee = NULL; 3337 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3338 pTrustee->TrusteeForm = TRUSTEE_IS_OBJECTS_AND_SID; 3339 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3340 pTrustee->ptstrName = (LPWSTR) pObjSid; 3341 } 3342 3343 /****************************************************************************** 3344 * BuildTrusteeWithSidA [ADVAPI32.@] 3345 */ 3346 VOID WINAPI BuildTrusteeWithSidA(PTRUSTEEA pTrustee, PSID pSid) 3347 { 3348 TRACE("%p %p\n", pTrustee, pSid); 3349 3350 pTrustee->pMultipleTrustee = NULL; 3351 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3352 pTrustee->TrusteeForm = TRUSTEE_IS_SID; 3353 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3354 pTrustee->ptstrName = pSid; 3355 } 3356 3357 /****************************************************************************** 3358 * BuildTrusteeWithSidW [ADVAPI32.@] 3359 */ 3360 VOID WINAPI BuildTrusteeWithSidW(PTRUSTEEW pTrustee, PSID pSid) 3361 { 3362 TRACE("%p %p\n", pTrustee, pSid); 3363 3364 pTrustee->pMultipleTrustee = NULL; 3365 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3366 pTrustee->TrusteeForm = TRUSTEE_IS_SID; 3367 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3368 pTrustee->ptstrName = pSid; 3369 } 3370 3371 /****************************************************************************** 3372 * BuildTrusteeWithNameA [ADVAPI32.@] 3373 */ 3374 VOID WINAPI BuildTrusteeWithNameA(PTRUSTEEA pTrustee, LPSTR name) 3375 { 3376 TRACE("%p %s\n", pTrustee, debugstr_a(name) ); 3377 3378 pTrustee->pMultipleTrustee = NULL; 3379 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3380 pTrustee->TrusteeForm = TRUSTEE_IS_NAME; 3381 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3382 pTrustee->ptstrName = name; 3383 } 3384 3385 /****************************************************************************** 3386 * BuildTrusteeWithNameW [ADVAPI32.@] 3387 */ 3388 VOID WINAPI BuildTrusteeWithNameW(PTRUSTEEW pTrustee, LPWSTR name) 3389 { 3390 TRACE("%p %s\n", pTrustee, debugstr_w(name) ); 3391 3392 pTrustee->pMultipleTrustee = NULL; 3393 pTrustee->MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE; 3394 pTrustee->TrusteeForm = TRUSTEE_IS_NAME; 3395 pTrustee->TrusteeType = TRUSTEE_IS_UNKNOWN; 3396 pTrustee->ptstrName = name; 3397 } 3398 3399 /****************************************************************************** 3400 * GetTrusteeFormA [ADVAPI32.@] 3401 */ 3402 TRUSTEE_FORM WINAPI GetTrusteeFormA(PTRUSTEEA pTrustee) 3403 { 3404 TRACE("(%p)\n", pTrustee); 3405 3406 if (!pTrustee) 3407 return TRUSTEE_BAD_FORM; 3408 3409 return pTrustee->TrusteeForm; 3410 } 3411 3412 /****************************************************************************** 3413 * GetTrusteeFormW [ADVAPI32.@] 3414 */ 3415 TRUSTEE_FORM WINAPI GetTrusteeFormW(PTRUSTEEW pTrustee) 3416 { 3417 TRACE("(%p)\n", pTrustee); 3418 3419 if (!pTrustee) 3420 return TRUSTEE_BAD_FORM; 3421 3422 return pTrustee->TrusteeForm; 3423 } 3424 3425 /****************************************************************************** 3426 * GetTrusteeNameA [ADVAPI32.@] 3427 */ 3428 LPSTR WINAPI GetTrusteeNameA(PTRUSTEEA pTrustee) 3429 { 3430 TRACE("(%p)\n", pTrustee); 3431 3432 if (!pTrustee) 3433 return NULL; 3434 3435 return pTrustee->ptstrName; 3436 } 3437 3438 /****************************************************************************** 3439 * GetTrusteeNameW [ADVAPI32.@] 3440 */ 3441 LPWSTR WINAPI GetTrusteeNameW(PTRUSTEEW pTrustee) 3442 { 3443 TRACE("(%p)\n", pTrustee); 3444 3445 if (!pTrustee) 3446 return NULL; 3447 3448 return pTrustee->ptstrName; 3449 } 3450 3451 /****************************************************************************** 3452 * GetTrusteeTypeA [ADVAPI32.@] 3453 */ 3454 TRUSTEE_TYPE WINAPI GetTrusteeTypeA(PTRUSTEEA pTrustee) 3455 { 3456 TRACE("(%p)\n", pTrustee); 3457 3458 if (!pTrustee) 3459 return TRUSTEE_IS_UNKNOWN; 3460 3461 return pTrustee->TrusteeType; 3462 } 3463 3464 /****************************************************************************** 3465 * GetTrusteeTypeW [ADVAPI32.@] 3466 */ 3467 TRUSTEE_TYPE WINAPI GetTrusteeTypeW(PTRUSTEEW pTrustee) 3468 { 3469 TRACE("(%p)\n", pTrustee); 3470 3471 if (!pTrustee) 3472 return TRUSTEE_IS_UNKNOWN; 3473 3474 return pTrustee->TrusteeType; 3475 } 3476 3477 BOOL WINAPI SetAclInformation( PACL pAcl, LPVOID pAclInformation, 3478 DWORD nAclInformationLength, 3479 ACL_INFORMATION_CLASS dwAclInformationClass ) 3480 { 3481 FIXME("%p %p 0x%08x 0x%08x - stub\n", pAcl, pAclInformation, 3482 nAclInformationLength, dwAclInformationClass); 3483 3484 return TRUE; 3485 } 3486 3487 static DWORD trustee_name_A_to_W(TRUSTEE_FORM form, char *trustee_nameA, WCHAR **ptrustee_nameW) 3488 { 3489 DWORD len; 3490 3491 switch (form) 3492 { 3493 case TRUSTEE_IS_NAME: 3494 { 3495 WCHAR *wstr = NULL; 3496 3497 if (trustee_nameA) 3498 { 3499 len = MultiByteToWideChar( CP_ACP, 0, trustee_nameA, -1, NULL, 0 ); 3500 if (!(wstr = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) 3501 return ERROR_NOT_ENOUGH_MEMORY; 3502 3503 MultiByteToWideChar( CP_ACP, 0, trustee_nameA, -1, wstr, len ); 3504 } 3505 3506 *ptrustee_nameW = wstr; 3507 return ERROR_SUCCESS; 3508 } 3509 case TRUSTEE_IS_OBJECTS_AND_NAME: 3510 { 3511 OBJECTS_AND_NAME_A *objA = (OBJECTS_AND_NAME_A *)trustee_nameA; 3512 OBJECTS_AND_NAME_W *objW = NULL; 3513 3514 if (objA) 3515 { 3516 if (!(objW = HeapAlloc( GetProcessHeap(), 0, sizeof(OBJECTS_AND_NAME_W) ))) 3517 return ERROR_NOT_ENOUGH_MEMORY; 3518 3519 objW->ObjectsPresent = objA->ObjectsPresent; 3520 objW->ObjectType = objA->ObjectType; 3521 objW->ObjectTypeName = NULL; 3522 objW->InheritedObjectTypeName = NULL; 3523 objW->ptstrName = NULL; 3524 3525 if (objA->ObjectTypeName) 3526 { 3527 len = MultiByteToWideChar( CP_ACP, 0, objA->ObjectTypeName, -1, NULL, 0 ); 3528 if (!(objW->ObjectTypeName = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) 3529 goto error; 3530 MultiByteToWideChar( CP_ACP, 0, objA->ObjectTypeName, -1, objW->ObjectTypeName, len ); 3531 } 3532 3533 if (objA->InheritedObjectTypeName) 3534 { 3535 len = MultiByteToWideChar( CP_ACP, 0, objA->InheritedObjectTypeName, -1, NULL, 0 ); 3536 if (!(objW->InheritedObjectTypeName = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) 3537 goto error; 3538 MultiByteToWideChar( CP_ACP, 0, objA->InheritedObjectTypeName, -1, objW->InheritedObjectTypeName, len ); 3539 } 3540 3541 if (objA->ptstrName) 3542 { 3543 len = MultiByteToWideChar( CP_ACP, 0, objA->ptstrName, -1, NULL, 0 ); 3544 if (!(objW->ptstrName = HeapAlloc( GetProcessHeap(), 0, len * sizeof(WCHAR) ))) 3545 goto error; 3546 MultiByteToWideChar( CP_ACP, 0, objA->ptstrName, -1, objW->ptstrName, len ); 3547 } 3548 } 3549 3550 *ptrustee_nameW = (WCHAR *)objW; 3551 return ERROR_SUCCESS; 3552 error: 3553 HeapFree( GetProcessHeap(), 0, objW->InheritedObjectTypeName ); 3554 HeapFree( GetProcessHeap(), 0, objW->ObjectTypeName ); 3555 HeapFree( GetProcessHeap(), 0, objW ); 3556 return ERROR_NOT_ENOUGH_MEMORY; 3557 } 3558 /* These forms do not require conversion. */ 3559 case TRUSTEE_IS_SID: 3560 case TRUSTEE_IS_OBJECTS_AND_SID: 3561 *ptrustee_nameW = (WCHAR *)trustee_nameA; 3562 return ERROR_SUCCESS; 3563 default: 3564 return ERROR_INVALID_PARAMETER; 3565 } 3566 } 3567 3568 static void free_trustee_name(TRUSTEE_FORM form, WCHAR *trustee_nameW) 3569 { 3570 switch (form) 3571 { 3572 case TRUSTEE_IS_NAME: 3573 HeapFree( GetProcessHeap(), 0, trustee_nameW ); 3574 break; 3575 case TRUSTEE_IS_OBJECTS_AND_NAME: 3576 { 3577 OBJECTS_AND_NAME_W *objW = (OBJECTS_AND_NAME_W *)trustee_nameW; 3578 3579 if (objW) 3580 { 3581 HeapFree( GetProcessHeap(), 0, objW->ptstrName ); 3582 HeapFree( GetProcessHeap(), 0, objW->InheritedObjectTypeName ); 3583 HeapFree( GetProcessHeap(), 0, objW->ObjectTypeName ); 3584 HeapFree( GetProcessHeap(), 0, objW ); 3585 } 3586 3587 break; 3588 } 3589 /* Other forms did not require allocation, so no freeing is necessary. */ 3590 default: 3591 break; 3592 } 3593 } 3594 3595 /****************************************************************************** 3596 * SetEntriesInAclA [ADVAPI32.@] 3597 */ 3598 DWORD WINAPI SetEntriesInAclA( ULONG count, PEXPLICIT_ACCESSA pEntries, 3599 PACL OldAcl, PACL* NewAcl ) 3600 { 3601 DWORD err = ERROR_SUCCESS; 3602 EXPLICIT_ACCESSW *pEntriesW; 3603 UINT alloc_index, free_index; 3604 3605 TRACE("%d %p %p %p\n", count, pEntries, OldAcl, NewAcl); 3606 3607 if (NewAcl) 3608 *NewAcl = NULL; 3609 3610 if (!count && !OldAcl) 3611 return ERROR_SUCCESS; 3612 3613 pEntriesW = HeapAlloc( GetProcessHeap(), 0, count * sizeof(EXPLICIT_ACCESSW) ); 3614 if (!pEntriesW) 3615 return ERROR_NOT_ENOUGH_MEMORY; 3616 3617 for (alloc_index = 0; alloc_index < count; ++alloc_index) 3618 { 3619 pEntriesW[alloc_index].grfAccessPermissions = pEntries[alloc_index].grfAccessPermissions; 3620 pEntriesW[alloc_index].grfAccessMode = pEntries[alloc_index].grfAccessMode; 3621 pEntriesW[alloc_index].grfInheritance = pEntries[alloc_index].grfInheritance; 3622 pEntriesW[alloc_index].Trustee.pMultipleTrustee = NULL; /* currently not supported */ 3623 pEntriesW[alloc_index].Trustee.MultipleTrusteeOperation = pEntries[alloc_index].Trustee.MultipleTrusteeOperation; 3624 pEntriesW[alloc_index].Trustee.TrusteeForm = pEntries[alloc_index].Trustee.TrusteeForm; 3625 pEntriesW[alloc_index].Trustee.TrusteeType = pEntries[alloc_index].Trustee.TrusteeType; 3626 3627 err = trustee_name_A_to_W( pEntries[alloc_index].Trustee.TrusteeForm, 3628 pEntries[alloc_index].Trustee.ptstrName, 3629 &pEntriesW[alloc_index].Trustee.ptstrName ); 3630 if (err != ERROR_SUCCESS) 3631 { 3632 if (err == ERROR_INVALID_PARAMETER) 3633 WARN("bad trustee form %d for trustee %d\n", 3634 pEntries[alloc_index].Trustee.TrusteeForm, alloc_index); 3635 3636 goto cleanup; 3637 } 3638 } 3639 3640 err = SetEntriesInAclW( count, pEntriesW, OldAcl, NewAcl ); 3641 3642 cleanup: 3643 /* Free any previously allocated trustee name buffers, taking into account 3644 * a possible out-of-memory condition while building the EXPLICIT_ACCESSW 3645 * list. */ 3646 for (free_index = 0; free_index < alloc_index; ++free_index) 3647 free_trustee_name( pEntriesW[free_index].Trustee.TrusteeForm, pEntriesW[free_index].Trustee.ptstrName ); 3648 3649 HeapFree( GetProcessHeap(), 0, pEntriesW ); 3650 return err; 3651 } 3652 3653 /****************************************************************************** 3654 * SetEntriesInAclW [ADVAPI32.@] 3655 */ 3656 DWORD WINAPI SetEntriesInAclW( ULONG count, PEXPLICIT_ACCESSW pEntries, 3657 PACL OldAcl, PACL* NewAcl ) 3658 { 3659 ULONG i; 3660 PSID *ppsid; 3661 DWORD ret = ERROR_SUCCESS; 3662 DWORD acl_size = sizeof(ACL); 3663 NTSTATUS status; 3664 3665 TRACE("%d %p %p %p\n", count, pEntries, OldAcl, NewAcl); 3666 3667 if (NewAcl) 3668 *NewAcl = NULL; 3669 3670 if (!count && !OldAcl) 3671 return ERROR_SUCCESS; 3672 3673 /* allocate array of maximum sized sids allowed */ 3674 ppsid = HeapAlloc(GetProcessHeap(), 0, count * (sizeof(SID *) + FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]))); 3675 if (!ppsid) 3676 return ERROR_OUTOFMEMORY; 3677 3678 for (i = 0; i < count; i++) 3679 { 3680 ppsid[i] = (char *)&ppsid[count] + i * FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]); 3681 3682 TRACE("[%d]:\n\tgrfAccessPermissions = 0x%x\n\tgrfAccessMode = %d\n\tgrfInheritance = 0x%x\n\t" 3683 "Trustee.pMultipleTrustee = %p\n\tMultipleTrusteeOperation = %d\n\tTrusteeForm = %d\n\t" 3684 "Trustee.TrusteeType = %d\n\tptstrName = %p\n", i, 3685 pEntries[i].grfAccessPermissions, pEntries[i].grfAccessMode, pEntries[i].grfInheritance, 3686 pEntries[i].Trustee.pMultipleTrustee, pEntries[i].Trustee.MultipleTrusteeOperation, 3687 pEntries[i].Trustee.TrusteeForm, pEntries[i].Trustee.TrusteeType, 3688 pEntries[i].Trustee.ptstrName); 3689 3690 if (pEntries[i].Trustee.MultipleTrusteeOperation == TRUSTEE_IS_IMPERSONATE) 3691 { 3692 WARN("bad multiple trustee operation %d for trustee %d\n", pEntries[i].Trustee.MultipleTrusteeOperation, i); 3693 ret = ERROR_INVALID_PARAMETER; 3694 goto exit; 3695 } 3696 3697 switch (pEntries[i].Trustee.TrusteeForm) 3698 { 3699 case TRUSTEE_IS_SID: 3700 if (!CopySid(FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]), 3701 ppsid[i], pEntries[i].Trustee.ptstrName)) 3702 { 3703 WARN("bad sid %p for trustee %d\n", pEntries[i].Trustee.ptstrName, i); 3704 ret = ERROR_INVALID_PARAMETER; 3705 goto exit; 3706 } 3707 break; 3708 case TRUSTEE_IS_NAME: 3709 { 3710 DWORD sid_size = FIELD_OFFSET(SID, SubAuthority[SID_MAX_SUB_AUTHORITIES]); 3711 DWORD domain_size = MAX_COMPUTERNAME_LENGTH + 1; 3712 SID_NAME_USE use; 3713 if (!strcmpW( pEntries[i].Trustee.ptstrName, CURRENT_USER )) 3714 { 3715 if (!lookup_user_account_name( ppsid[i], &sid_size, NULL, &domain_size, &use )) 3716 { 3717 ret = GetLastError(); 3718 goto exit; 3719 } 3720 } 3721 else if (!LookupAccountNameW(NULL, pEntries[i].Trustee.ptstrName, ppsid[i], &sid_size, NULL, &domain_size, &use)) 3722 { 3723 WARN("bad user name %s for trustee %d\n", debugstr_w(pEntries[i].Trustee.ptstrName), i); 3724 ret = ERROR_INVALID_PARAMETER; 3725 goto exit; 3726 } 3727 break; 3728 } 3729 case TRUSTEE_IS_OBJECTS_AND_SID: 3730 FIXME("TRUSTEE_IS_OBJECTS_AND_SID unimplemented\n"); 3731 break; 3732 case TRUSTEE_IS_OBJECTS_AND_NAME: 3733 FIXME("TRUSTEE_IS_OBJECTS_AND_NAME unimplemented\n"); 3734 break; 3735 default: 3736 WARN("bad trustee form %d for trustee %d\n", pEntries[i].Trustee.TrusteeForm, i); 3737 ret = ERROR_INVALID_PARAMETER; 3738 goto exit; 3739 } 3740 3741 /* Note: we overestimate the ACL size here as a tradeoff between 3742 * instructions (simplicity) and memory */ 3743 switch (pEntries[i].grfAccessMode) 3744 { 3745 case GRANT_ACCESS: 3746 case SET_ACCESS: 3747 acl_size += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(ppsid[i]); 3748 break; 3749 case DENY_ACCESS: 3750 acl_size += FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart) + GetLengthSid(ppsid[i]); 3751 break; 3752 case SET_AUDIT_SUCCESS: 3753 case SET_AUDIT_FAILURE: 3754 acl_size += FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart) + GetLengthSid(ppsid[i]); 3755 break; 3756 case REVOKE_ACCESS: 3757 break; 3758 default: 3759 WARN("bad access mode %d for trustee %d\n", pEntries[i].grfAccessMode, i); 3760 ret = ERROR_INVALID_PARAMETER; 3761 goto exit; 3762 } 3763 } 3764 3765 if (OldAcl) 3766 { 3767 ACL_SIZE_INFORMATION size_info; 3768 3769 status = RtlQueryInformationAcl(OldAcl, &size_info, sizeof(size_info), AclSizeInformation); 3770 if (status != STATUS_SUCCESS) 3771 { 3772 ret = RtlNtStatusToDosError(status); 3773 goto exit; 3774 } 3775 acl_size += size_info.AclBytesInUse - sizeof(ACL); 3776 } 3777 3778 *NewAcl = LocalAlloc(0, acl_size); 3779 if (!*NewAcl) 3780 { 3781 ret = ERROR_OUTOFMEMORY; 3782 goto exit; 3783 } 3784 3785 status = RtlCreateAcl( *NewAcl, acl_size, ACL_REVISION ); 3786 if (status != STATUS_SUCCESS) 3787 { 3788 ret = RtlNtStatusToDosError(status); 3789 goto exit; 3790 } 3791 3792 for (i = 0; i < count; i++) 3793 { 3794 switch (pEntries[i].grfAccessMode) 3795 { 3796 case GRANT_ACCESS: 3797 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, 3798 pEntries[i].grfInheritance, 3799 pEntries[i].grfAccessPermissions, 3800 ppsid[i]); 3801 break; 3802 case SET_ACCESS: 3803 { 3804 ULONG j; 3805 BOOL add = TRUE; 3806 if (OldAcl) 3807 { 3808 for (j = 0; ; j++) 3809 { 3810 const ACE_HEADER *existing_ace_header; 3811 status = RtlGetAce(OldAcl, j, (LPVOID *)&existing_ace_header); 3812 if (status != STATUS_SUCCESS) 3813 break; 3814 if (pEntries[i].grfAccessMode == SET_ACCESS && 3815 existing_ace_header->AceType == ACCESS_ALLOWED_ACE_TYPE && 3816 EqualSid(ppsid[i], &((ACCESS_ALLOWED_ACE *)existing_ace_header)->SidStart)) 3817 { 3818 add = FALSE; 3819 break; 3820 } 3821 } 3822 } 3823 if (add) 3824 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, 3825 pEntries[i].grfInheritance, 3826 pEntries[i].grfAccessPermissions, 3827 ppsid[i]); 3828 break; 3829 } 3830 case DENY_ACCESS: 3831 status = RtlAddAccessDeniedAceEx(*NewAcl, ACL_REVISION, 3832 pEntries[i].grfInheritance, 3833 pEntries[i].grfAccessPermissions, 3834 ppsid[i]); 3835 break; 3836 case SET_AUDIT_SUCCESS: 3837 status = RtlAddAuditAccessAceEx(*NewAcl, ACL_REVISION, 3838 pEntries[i].grfInheritance, 3839 pEntries[i].grfAccessPermissions, 3840 ppsid[i], TRUE, FALSE); 3841 break; 3842 case SET_AUDIT_FAILURE: 3843 status = RtlAddAuditAccessAceEx(*NewAcl, ACL_REVISION, 3844 pEntries[i].grfInheritance, 3845 pEntries[i].grfAccessPermissions, 3846 ppsid[i], FALSE, TRUE); 3847 break; 3848 default: 3849 FIXME("unhandled access mode %d\n", pEntries[i].grfAccessMode); 3850 } 3851 } 3852 3853 if (OldAcl) 3854 { 3855 for (i = 0; ; i++) 3856 { 3857 BOOL add = TRUE; 3858 ULONG j; 3859 const ACE_HEADER *old_ace_header; 3860 status = RtlGetAce(OldAcl, i, (LPVOID *)&old_ace_header); 3861 if (status != STATUS_SUCCESS) break; 3862 for (j = 0; j < count; j++) 3863 { 3864 if (pEntries[j].grfAccessMode == SET_ACCESS && 3865 old_ace_header->AceType == ACCESS_ALLOWED_ACE_TYPE && 3866 EqualSid(ppsid[j], &((ACCESS_ALLOWED_ACE *)old_ace_header)->SidStart)) 3867 { 3868 status = RtlAddAccessAllowedAceEx(*NewAcl, ACL_REVISION, pEntries[j].grfInheritance, pEntries[j].grfAccessPermissions, ppsid[j]); 3869 add = FALSE; 3870 break; 3871 } 3872 else if (pEntries[j].grfAccessMode == REVOKE_ACCESS) 3873 { 3874 switch (old_ace_header->AceType) 3875 { 3876 case ACCESS_ALLOWED_ACE_TYPE: 3877 if (EqualSid(ppsid[j], &((ACCESS_ALLOWED_ACE *)old_ace_header)->SidStart)) 3878 add = FALSE; 3879 break; 3880 case ACCESS_DENIED_ACE_TYPE: 3881 if (EqualSid(ppsid[j], &((ACCESS_DENIED_ACE *)old_ace_header)->SidStart)) 3882 add = FALSE; 3883 break; 3884 case SYSTEM_AUDIT_ACE_TYPE: 3885 if (EqualSid(ppsid[j], &((SYSTEM_AUDIT_ACE *)old_ace_header)->SidStart)) 3886 add = FALSE; 3887 break; 3888 case SYSTEM_ALARM_ACE_TYPE: 3889 if (EqualSid(ppsid[j], &((SYSTEM_ALARM_ACE *)old_ace_header)->SidStart)) 3890 add = FALSE; 3891 break; 3892 default: 3893 FIXME("unhandled ace type %d\n", old_ace_header->AceType); 3894 } 3895 3896 if (!add) 3897 break; 3898 } 3899 } 3900 if (add) 3901 status = RtlAddAce(*NewAcl, ACL_REVISION, 1, (PACE_HEADER)old_ace_header, old_ace_header->AceSize); 3902 if (status != STATUS_SUCCESS) 3903 { 3904 WARN("RtlAddAce failed with error 0x%08x\n", status); 3905 ret = RtlNtStatusToDosError(status); 3906 break; 3907 } 3908 } 3909 } 3910 3911 exit: 3912 HeapFree(GetProcessHeap(), 0, ppsid); 3913 return ret; 3914 } 3915 3916 /****************************************************************************** 3917 * SetNamedSecurityInfoA [ADVAPI32.@] 3918 */ 3919 DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, 3920 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, 3921 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl) 3922 { 3923 DWORD len; 3924 LPWSTR wstr = NULL; 3925 DWORD r; 3926 3927 TRACE("%s %d %d %p %p %p %p\n", debugstr_a(pObjectName), ObjectType, 3928 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl); 3929 3930 if( pObjectName ) 3931 { 3932 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 ); 3933 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR)); 3934 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len ); 3935 } 3936 3937 r = SetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, psidOwner, 3938 psidGroup, pDacl, pSacl ); 3939 3940 HeapFree( GetProcessHeap(), 0, wstr ); 3941 3942 return r; 3943 } 3944 3945 BOOL WINAPI SetPrivateObjectSecurity( SECURITY_INFORMATION SecurityInformation, 3946 PSECURITY_DESCRIPTOR ModificationDescriptor, 3947 PSECURITY_DESCRIPTOR* ObjectsSecurityDescriptor, 3948 PGENERIC_MAPPING GenericMapping, 3949 HANDLE Token ) 3950 { 3951 FIXME("0x%08x %p %p %p %p - stub\n", SecurityInformation, ModificationDescriptor, 3952 ObjectsSecurityDescriptor, GenericMapping, Token); 3953 3954 return TRUE; 3955 } 3956 3957 BOOL WINAPI AreAllAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess ) 3958 { 3959 return RtlAreAllAccessesGranted( GrantedAccess, DesiredAccess ); 3960 } 3961 3962 /****************************************************************************** 3963 * AreAnyAccessesGranted [ADVAPI32.@] 3964 * 3965 * Determines whether or not any of a set of specified access permissions have 3966 * been granted or not. 3967 * 3968 * PARAMS 3969 * GrantedAccess [I] The permissions that have been granted. 3970 * DesiredAccess [I] The permissions that you want to have. 3971 * 3972 * RETURNS 3973 * Nonzero if any of the permissions have been granted, zero if none of the 3974 * permissions have been granted. 3975 */ 3976 3977 BOOL WINAPI AreAnyAccessesGranted( DWORD GrantedAccess, DWORD DesiredAccess ) 3978 { 3979 return RtlAreAnyAccessesGranted( GrantedAccess, DesiredAccess ); 3980 } 3981 3982 /****************************************************************************** 3983 * SetNamedSecurityInfoW [ADVAPI32.@] 3984 */ 3985 DWORD WINAPI SetNamedSecurityInfoW(LPWSTR pObjectName, 3986 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, 3987 PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl) 3988 { 3989 FIXME("%s %d %d %p %p %p %p\n", debugstr_w(pObjectName), ObjectType, 3990 SecurityInfo, psidOwner, psidGroup, pDacl, pSacl); 3991 return ERROR_SUCCESS; 3992 } 3993 3994 /****************************************************************************** 3995 * GetExplicitEntriesFromAclA [ADVAPI32.@] 3996 */ 3997 DWORD WINAPI GetExplicitEntriesFromAclA( PACL pacl, PULONG pcCountOfExplicitEntries, 3998 PEXPLICIT_ACCESSA* pListOfExplicitEntries) 3999 { 4000 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries); 4001 return ERROR_CALL_NOT_IMPLEMENTED; 4002 } 4003 4004 /****************************************************************************** 4005 * GetExplicitEntriesFromAclW [ADVAPI32.@] 4006 */ 4007 DWORD WINAPI GetExplicitEntriesFromAclW( PACL pacl, PULONG pcCountOfExplicitEntries, 4008 PEXPLICIT_ACCESSW* pListOfExplicitEntries) 4009 { 4010 FIXME("%p %p %p\n",pacl, pcCountOfExplicitEntries, pListOfExplicitEntries); 4011 return ERROR_CALL_NOT_IMPLEMENTED; 4012 } 4013 4014 /****************************************************************************** 4015 * GetAuditedPermissionsFromAclA [ADVAPI32.@] 4016 */ 4017 DWORD WINAPI GetAuditedPermissionsFromAclA( PACL pacl, PTRUSTEEA pTrustee, PACCESS_MASK pSuccessfulAuditedRights, 4018 PACCESS_MASK pFailedAuditRights) 4019 { 4020 FIXME("%p %p %p %p\n",pacl, pTrustee, pSuccessfulAuditedRights, pFailedAuditRights); 4021 return ERROR_CALL_NOT_IMPLEMENTED; 4022 4023 } 4024 4025 /****************************************************************************** 4026 * GetAuditedPermissionsFromAclW [ADVAPI32.@] 4027 */ 4028 DWORD WINAPI GetAuditedPermissionsFromAclW( PACL pacl, PTRUSTEEW pTrustee, PACCESS_MASK pSuccessfulAuditedRights, 4029 PACCESS_MASK pFailedAuditRights) 4030 { 4031 FIXME("%p %p %p %p\n",pacl, pTrustee, pSuccessfulAuditedRights, pFailedAuditRights); 4032 return ERROR_CALL_NOT_IMPLEMENTED; 4033 4034 } 4035 4036 /****************************************************************************** 4037 * ParseAclStringFlags 4038 */ 4039 static DWORD ParseAclStringFlags(LPCWSTR* StringAcl) 4040 { 4041 DWORD flags = 0; 4042 LPCWSTR szAcl = *StringAcl; 4043 4044 while (*szAcl != '(') 4045 { 4046 if (*szAcl == 'P') 4047 { 4048 flags |= SE_DACL_PROTECTED; 4049 } 4050 else if (*szAcl == 'A') 4051 { 4052 szAcl++; 4053 if (*szAcl == 'R') 4054 flags |= SE_DACL_AUTO_INHERIT_REQ; 4055 else if (*szAcl == 'I') 4056 flags |= SE_DACL_AUTO_INHERITED; 4057 } 4058 szAcl++; 4059 } 4060 4061 *StringAcl = szAcl; 4062 return flags; 4063 } 4064 4065 /****************************************************************************** 4066 * ParseAceStringType 4067 */ 4068 static const ACEFLAG AceType[] = 4069 { 4070 { SDDL_ALARM, SYSTEM_ALARM_ACE_TYPE }, 4071 { SDDL_AUDIT, SYSTEM_AUDIT_ACE_TYPE }, 4072 { SDDL_ACCESS_ALLOWED, ACCESS_ALLOWED_ACE_TYPE }, 4073 { SDDL_ACCESS_DENIED, ACCESS_DENIED_ACE_TYPE }, 4074 /* 4075 { SDDL_OBJECT_ACCESS_ALLOWED, ACCESS_ALLOWED_OBJECT_ACE_TYPE }, 4076 { SDDL_OBJECT_ACCESS_DENIED, ACCESS_DENIED_OBJECT_ACE_TYPE }, 4077 { SDDL_OBJECT_ALARM, SYSTEM_ALARM_OBJECT_ACE_TYPE }, 4078 { SDDL_OBJECT_AUDIT, SYSTEM_AUDIT_OBJECT_ACE_TYPE }, 4079 */ 4080 { NULL, 0 }, 4081 }; 4082 4083 static BYTE ParseAceStringType(LPCWSTR* StringAcl) 4084 { 4085 UINT len = 0; 4086 LPCWSTR szAcl = *StringAcl; 4087 const ACEFLAG *lpaf = AceType; 4088 4089 while (*szAcl == ' ') 4090 szAcl++; 4091 4092 while (lpaf->wstr && 4093 (len = strlenW(lpaf->wstr)) && 4094 strncmpW(lpaf->wstr, szAcl, len)) 4095 lpaf++; 4096 4097 if (!lpaf->wstr) 4098 return 0; 4099 4100 *StringAcl = szAcl + len; 4101 return lpaf->value; 4102 } 4103 4104 4105 /****************************************************************************** 4106 * ParseAceStringFlags 4107 */ 4108 static const ACEFLAG AceFlags[] = 4109 { 4110 { SDDL_CONTAINER_INHERIT, CONTAINER_INHERIT_ACE }, 4111 { SDDL_AUDIT_FAILURE, FAILED_ACCESS_ACE_FLAG }, 4112 { SDDL_INHERITED, INHERITED_ACE }, 4113 { SDDL_INHERIT_ONLY, INHERIT_ONLY_ACE }, 4114 { SDDL_NO_PROPAGATE, NO_PROPAGATE_INHERIT_ACE }, 4115 { SDDL_OBJECT_INHERIT, OBJECT_INHERIT_ACE }, 4116 { SDDL_AUDIT_SUCCESS, SUCCESSFUL_ACCESS_ACE_FLAG }, 4117 { NULL, 0 }, 4118 }; 4119 4120 static BYTE ParseAceStringFlags(LPCWSTR* StringAcl) 4121 { 4122 UINT len = 0; 4123 BYTE flags = 0; 4124 LPCWSTR szAcl = *StringAcl; 4125 4126 while (*szAcl == ' ') 4127 szAcl++; 4128 4129 while (*szAcl != ';') 4130 { 4131 const ACEFLAG *lpaf = AceFlags; 4132 4133 while (lpaf->wstr && 4134 (len = strlenW(lpaf->wstr)) && 4135 strncmpW(lpaf->wstr, szAcl, len)) 4136 lpaf++; 4137 4138 if (!lpaf->wstr) 4139 return 0; 4140 4141 flags |= lpaf->value; 4142 szAcl += len; 4143 } 4144 4145 *StringAcl = szAcl; 4146 return flags; 4147 } 4148 4149 4150 /****************************************************************************** 4151 * ParseAceStringRights 4152 */ 4153 static const ACEFLAG AceRights[] = 4154 { 4155 { SDDL_GENERIC_ALL, GENERIC_ALL }, 4156 { SDDL_GENERIC_READ, GENERIC_READ }, 4157 { SDDL_GENERIC_WRITE, GENERIC_WRITE }, 4158 { SDDL_GENERIC_EXECUTE, GENERIC_EXECUTE }, 4159 4160 { SDDL_READ_CONTROL, READ_CONTROL }, 4161 { SDDL_STANDARD_DELETE, DELETE }, 4162 { SDDL_WRITE_DAC, WRITE_DAC }, 4163 { SDDL_WRITE_OWNER, WRITE_OWNER }, 4164 4165 { SDDL_READ_PROPERTY, ADS_RIGHT_DS_READ_PROP}, 4166 { SDDL_WRITE_PROPERTY, ADS_RIGHT_DS_WRITE_PROP}, 4167 { SDDL_CREATE_CHILD, ADS_RIGHT_DS_CREATE_CHILD}, 4168 { SDDL_DELETE_CHILD, ADS_RIGHT_DS_DELETE_CHILD}, 4169 { SDDL_LIST_CHILDREN, ADS_RIGHT_ACTRL_DS_LIST}, 4170 { SDDL_SELF_WRITE, ADS_RIGHT_DS_SELF}, 4171 { SDDL_LIST_OBJECT, ADS_RIGHT_DS_LIST_OBJECT}, 4172 { SDDL_DELETE_TREE, ADS_RIGHT_DS_DELETE_TREE}, 4173 { SDDL_CONTROL_ACCESS, ADS_RIGHT_DS_CONTROL_ACCESS}, 4174 4175 { SDDL_FILE_ALL, FILE_ALL_ACCESS }, 4176 { SDDL_FILE_READ, FILE_GENERIC_READ }, 4177 { SDDL_FILE_WRITE, FILE_GENERIC_WRITE }, 4178 { SDDL_FILE_EXECUTE, FILE_GENERIC_EXECUTE }, 4179 4180 { SDDL_KEY_ALL, KEY_ALL_ACCESS }, 4181 { SDDL_KEY_READ, KEY_READ }, 4182 { SDDL_KEY_WRITE, KEY_WRITE }, 4183 { SDDL_KEY_EXECUTE, KEY_EXECUTE }, 4184 { NULL, 0 }, 4185 }; 4186 4187 static DWORD ParseAceStringRights(LPCWSTR* StringAcl) 4188 { 4189 UINT len = 0; 4190 DWORD rights = 0; 4191 LPCWSTR szAcl = *StringAcl; 4192 4193 while (*szAcl == ' ') 4194 szAcl++; 4195 4196 if ((*szAcl == '') && (*(szAcl + 1) == 'x')) 4197 { 4198 LPCWSTR p = szAcl; 4199 4200 while (*p && *p != ';') 4201 p++; 4202 4203 if (p - szAcl <= 10 /* 8 hex digits + "0x" */ ) 4204 { 4205 rights = strtoulW(szAcl, NULL, 16); 4206 szAcl = p; 4207 } 4208 else 4209 WARN("Invalid rights string format: %s\n", debugstr_wn(szAcl, p - szAcl)); 4210 } 4211 else 4212 { 4213 while (*szAcl != ';') 4214 { 4215 const ACEFLAG *lpaf = AceRights; 4216 4217 while (lpaf->wstr && 4218 (len = strlenW(lpaf->wstr)) && 4219 strncmpW(lpaf->wstr, szAcl, len)) 4220 { 4221 lpaf++; 4222 } 4223 4224 if (!lpaf->wstr) 4225 return 0; 4226 4227 rights |= lpaf->value; 4228 szAcl += len; 4229 } 4230 } 4231 4232 *StringAcl = szAcl; 4233 return rights; 4234 } 4235 4236 4237 /****************************************************************************** 4238 * ParseStringAclToAcl 4239 * 4240 * dacl_flags(string_ace1)(string_ace2)... (string_acen) 4241 */ 4242 static BOOL ParseStringAclToAcl(LPCWSTR StringAcl, LPDWORD lpdwFlags, 4243 PACL pAcl, LPDWORD cBytes) 4244 { 4245 DWORD val; 4246 DWORD sidlen; 4247 DWORD length = sizeof(ACL); 4248 DWORD acesize = 0; 4249 DWORD acecount = 0; 4250 PACCESS_ALLOWED_ACE pAce = NULL; /* pointer to current ACE */ 4251 DWORD error = ERROR_INVALID_ACL; 4252 4253 TRACE("%s\n", debugstr_w(StringAcl)); 4254 4255 if (!StringAcl) 4256 return FALSE; 4257 4258 if (pAcl) /* pAce is only useful if we're setting values */ 4259 pAce = (PACCESS_ALLOWED_ACE) (pAcl + 1); 4260 4261 /* Parse ACL flags */ 4262 *lpdwFlags = ParseAclStringFlags(&StringAcl); 4263 4264 /* Parse ACE */ 4265 while (*StringAcl == '(') 4266 { 4267 StringAcl++; 4268 4269 /* Parse ACE type */ 4270 val = ParseAceStringType(&StringAcl); 4271 if (pAce) 4272 pAce->Header.AceType = (BYTE) val; 4273 if (*StringAcl != ';') 4274 { 4275 error = RPC_S_INVALID_STRING_UUID; 4276 goto lerr; 4277 } 4278 StringAcl++; 4279 4280 /* Parse ACE flags */ 4281 val = ParseAceStringFlags(&StringAcl); 4282 if (pAce) 4283 pAce->Header.AceFlags = (BYTE) val; 4284 if (*StringAcl != ';') 4285 goto lerr; 4286 StringAcl++; 4287 4288 /* Parse ACE rights */ 4289 val = ParseAceStringRights(&StringAcl); 4290 if (pAce) 4291 pAce->Mask = val; 4292 if (*StringAcl != ';') 4293 goto lerr; 4294 StringAcl++; 4295 4296 /* Parse ACE object guid */ 4297 while (*StringAcl == ' ') 4298 StringAcl++; 4299 if (*StringAcl != ';') 4300 { 4301 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n"); 4302 goto lerr; 4303 } 4304 StringAcl++; 4305 4306 /* Parse ACE inherit object guid */ 4307 while (*StringAcl == ' ') 4308 StringAcl++; 4309 if (*StringAcl != ';') 4310 { 4311 FIXME("Support for *_OBJECT_ACE_TYPE not implemented\n"); 4312 goto lerr; 4313 } 4314 StringAcl++; 4315 4316 /* Parse ACE account sid */ 4317 if (ParseStringSidToSid(StringAcl, pAce ? &pAce->SidStart : NULL, &sidlen)) 4318 { 4319 while (*StringAcl && *StringAcl != ')') 4320 StringAcl++; 4321 } 4322 4323 if (*StringAcl != ')') 4324 goto lerr; 4325 StringAcl++; 4326 4327 acesize = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + sidlen; 4328 length += acesize; 4329 if (pAce) 4330 { 4331 pAce->Header.AceSize = acesize; 4332 pAce = (PACCESS_ALLOWED_ACE)((LPBYTE)pAce + acesize); 4333 } 4334 acecount++; 4335 } 4336 4337 *cBytes = length; 4338 4339 if (length > 0xffff) 4340 { 4341 ERR("ACL too large\n"); 4342 goto lerr; 4343 } 4344 4345 if (pAcl) 4346 { 4347 pAcl->AclRevision = ACL_REVISION; 4348 pAcl->Sbz1 = 0; 4349 pAcl->AclSize = length; 4350 pAcl->AceCount = acecount++; 4351 pAcl->Sbz2 = 0; 4352 } 4353 return TRUE; 4354 4355 lerr: 4356 SetLastError(error); 4357 WARN("Invalid ACE string format\n"); 4358 return FALSE; 4359 } 4360 4361 4362 /****************************************************************************** 4363 * ParseStringSecurityDescriptorToSecurityDescriptor 4364 */ 4365 static BOOL ParseStringSecurityDescriptorToSecurityDescriptor( 4366 LPCWSTR StringSecurityDescriptor, 4367 SECURITY_DESCRIPTOR_RELATIVE* SecurityDescriptor, 4368 LPDWORD cBytes) 4369 { 4370 BOOL bret = FALSE; 4371 WCHAR toktype; 4372 WCHAR tok[MAX_PATH]; 4373 LPCWSTR lptoken; 4374 LPBYTE lpNext = NULL; 4375 DWORD len; 4376 4377 *cBytes = sizeof(SECURITY_DESCRIPTOR); 4378 4379 if (SecurityDescriptor) 4380 lpNext = (LPBYTE)(SecurityDescriptor + 1); 4381 4382 while (*StringSecurityDescriptor == ' ') 4383 StringSecurityDescriptor++; 4384 4385 while (*StringSecurityDescriptor) 4386 { 4387 toktype = *StringSecurityDescriptor; 4388 4389 /* Expect char identifier followed by ':' */ 4390 StringSecurityDescriptor++; 4391 if (*StringSecurityDescriptor != ':') 4392 { 4393 SetLastError(ERROR_INVALID_PARAMETER); 4394 goto lend; 4395 } 4396 StringSecurityDescriptor++; 4397 4398 /* Extract token */ 4399 lptoken = StringSecurityDescriptor; 4400 while (*lptoken && *lptoken != ':') 4401 lptoken++; 4402 4403 if (*lptoken) 4404 lptoken--; 4405 4406 len = lptoken - StringSecurityDescriptor; 4407 memcpy( tok, StringSecurityDescriptor, len * sizeof(WCHAR) ); 4408 tok[len] = 0; 4409 4410 switch (toktype) 4411 { 4412 case 'O': 4413 { 4414 DWORD bytes; 4415 4416 if (!ParseStringSidToSid(tok, lpNext, &bytes)) 4417 goto lend; 4418 4419 if (SecurityDescriptor) 4420 { 4421 SecurityDescriptor->Owner = lpNext - (LPBYTE)SecurityDescriptor; 4422 lpNext += bytes; /* Advance to next token */ 4423 } 4424 4425 *cBytes += bytes; 4426 4427 break; 4428 } 4429 4430 case 'G': 4431 { 4432 DWORD bytes; 4433 4434 if (!ParseStringSidToSid(tok, lpNext, &bytes)) 4435 goto lend; 4436 4437 if (SecurityDescriptor) 4438 { 4439 SecurityDescriptor->Group = lpNext - (LPBYTE)SecurityDescriptor; 4440 lpNext += bytes; /* Advance to next token */ 4441 } 4442 4443 *cBytes += bytes; 4444 4445 break; 4446 } 4447 4448 case 'D': 4449 { 4450 DWORD flags; 4451 DWORD bytes; 4452 4453 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes)) 4454 goto lend; 4455 4456 if (SecurityDescriptor) 4457 { 4458 SecurityDescriptor->Control |= SE_DACL_PRESENT | flags; 4459 SecurityDescriptor->Dacl = lpNext - (LPBYTE)SecurityDescriptor; 4460 lpNext += bytes; /* Advance to next token */ 4461 } 4462 4463 *cBytes += bytes; 4464 4465 break; 4466 } 4467 4468 case 'S': 4469 { 4470 DWORD flags; 4471 DWORD bytes; 4472 4473 if (!ParseStringAclToAcl(tok, &flags, (PACL)lpNext, &bytes)) 4474 goto lend; 4475 4476 if (SecurityDescriptor) 4477 { 4478 SecurityDescriptor->Control |= SE_SACL_PRESENT | flags; 4479 SecurityDescriptor->Sacl = lpNext - (LPBYTE)SecurityDescriptor; 4480 lpNext += bytes; /* Advance to next token */ 4481 } 4482 4483 *cBytes += bytes; 4484 4485 break; 4486 } 4487 4488 default: 4489 FIXME("Unknown token\n"); 4490 SetLastError(ERROR_INVALID_PARAMETER); 4491 goto lend; 4492 } 4493 4494 StringSecurityDescriptor = lptoken; 4495 } 4496 4497 bret = TRUE; 4498 4499 lend: 4500 return bret; 4501 } 4502 4503 /****************************************************************************** 4504 * ConvertStringSecurityDescriptorToSecurityDescriptorA [ADVAPI32.@] 4505 */ 4506 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA( 4507 LPCSTR StringSecurityDescriptor, 4508 DWORD StringSDRevision, 4509 PSECURITY_DESCRIPTOR* SecurityDescriptor, 4510 PULONG SecurityDescriptorSize) 4511 { 4512 UINT len; 4513 BOOL ret = FALSE; 4514 LPWSTR StringSecurityDescriptorW; 4515 4516 len = MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, NULL, 0); 4517 StringSecurityDescriptorW = HeapAlloc(GetProcessHeap(), 0, len * sizeof(WCHAR)); 4518 4519 if (StringSecurityDescriptorW) 4520 { 4521 MultiByteToWideChar(CP_ACP, 0, StringSecurityDescriptor, -1, StringSecurityDescriptorW, len); 4522 4523 ret = ConvertStringSecurityDescriptorToSecurityDescriptorW(StringSecurityDescriptorW, 4524 StringSDRevision, SecurityDescriptor, 4525 SecurityDescriptorSize); 4526 HeapFree(GetProcessHeap(), 0, StringSecurityDescriptorW); 4527 } 4528 4529 return ret; 4530 } 4531 4532 /****************************************************************************** 4533 * ConvertStringSecurityDescriptorToSecurityDescriptorW [ADVAPI32.@] 4534 */ 4535 BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW( 4536 LPCWSTR StringSecurityDescriptor, 4537 DWORD StringSDRevision, 4538 PSECURITY_DESCRIPTOR* SecurityDescriptor, 4539 PULONG SecurityDescriptorSize) 4540 { 4541 DWORD cBytes; 4542 SECURITY_DESCRIPTOR* psd; 4543 BOOL bret = FALSE; 4544 4545 TRACE("%s\n", debugstr_w(StringSecurityDescriptor)); 4546 4547 if (GetVersion() & 0x80000000) 4548 { 4549 SetLastError(ERROR_CALL_NOT_IMPLEMENTED); 4550 goto lend; 4551 } 4552 else if (!StringSecurityDescriptor || !SecurityDescriptor) 4553 { 4554 SetLastError(ERROR_INVALID_PARAMETER); 4555 goto lend; 4556 } 4557 else if (StringSDRevision != SID_REVISION) 4558 { 4559 SetLastError(ERROR_UNKNOWN_REVISION); 4560 goto lend; 4561 } 4562 4563 /* Compute security descriptor length */ 4564 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor, 4565 NULL, &cBytes)) 4566 goto lend; 4567 4568 psd = *SecurityDescriptor = LocalAlloc(GMEM_ZEROINIT, cBytes); 4569 if (!psd) goto lend; 4570 4571 psd->Revision = SID_REVISION; 4572 psd->Control |= SE_SELF_RELATIVE; 4573 4574 if (!ParseStringSecurityDescriptorToSecurityDescriptor(StringSecurityDescriptor, 4575 (SECURITY_DESCRIPTOR_RELATIVE *)psd, &cBytes)) 4576 { 4577 LocalFree(psd); 4578 goto lend; 4579 } 4580 4581 if (SecurityDescriptorSize) 4582 *SecurityDescriptorSize = cBytes; 4583 4584 bret = TRUE; 4585 4586 lend: 4587 TRACE(" ret=%d\n", bret); 4588 return bret; 4589 } 4590 4591 static void DumpString(LPCWSTR string, int cch, WCHAR **pwptr, ULONG *plen) 4592 { 4593 if (cch == -1) 4594 cch = strlenW(string); 4595 4596 if (plen) 4597 *plen += cch; 4598 4599 if (pwptr) 4600 { 4601 memcpy(*pwptr, string, sizeof(WCHAR)*cch); 4602 *pwptr += cch; 4603 } 4604 } 4605 4606 static BOOL DumpSidNumeric(PSID psid, WCHAR **pwptr, ULONG *plen) 4607 { 4608 DWORD i; 4609 WCHAR fmt[] = { 'S','-','%','u','-','%','d',0 }; 4610 WCHAR subauthfmt[] = { '-','%','u',0 }; 4611 WCHAR buf[26]; 4612 SID *pisid = psid; 4613 4614 if( !IsValidSid( psid ) || pisid->Revision != SDDL_REVISION) 4615 { 4616 SetLastError(ERROR_INVALID_SID); 4617 return FALSE; 4618 } 4619 4620 if (pisid->IdentifierAuthority.Value[0] || 4621 pisid->IdentifierAuthority.Value[1]) 4622 { 4623 FIXME("not matching MS' bugs\n"); 4624 SetLastError(ERROR_INVALID_SID); 4625 return FALSE; 4626 } 4627 4628 sprintfW( buf, fmt, pisid->Revision, 4629 MAKELONG( 4630 MAKEWORD( pisid->IdentifierAuthority.Value[5], 4631 pisid->IdentifierAuthority.Value[4] ), 4632 MAKEWORD( pisid->IdentifierAuthority.Value[3], 4633 pisid->IdentifierAuthority.Value[2] ) 4634 ) ); 4635 DumpString(buf, -1, pwptr, plen); 4636 4637 for( i=0; i<pisid->SubAuthorityCount; i++ ) 4638 { 4639 sprintfW( buf, subauthfmt, pisid->SubAuthority[i] ); 4640 DumpString(buf, -1, pwptr, plen); 4641 } 4642 return TRUE; 4643 } 4644 4645 static BOOL DumpSid(PSID psid, WCHAR **pwptr, ULONG *plen) 4646 { 4647 size_t i; 4648 for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++) 4649 { 4650 if (WellKnownSids[i].wstr[0] && EqualSid(psid, (PSID)&(WellKnownSids[i].Sid.Revision))) 4651 { 4652 DumpString(WellKnownSids[i].wstr, 2, pwptr, plen); 4653 return TRUE; 4654 } 4655 } 4656 4657 return DumpSidNumeric(psid, pwptr, plen); 4658 } 4659 4660 static const LPCWSTR AceRightBitNames[32] = { 4661 SDDL_CREATE_CHILD, /* 0 */ 4662 SDDL_DELETE_CHILD, 4663 SDDL_LIST_CHILDREN, 4664 SDDL_SELF_WRITE, 4665 SDDL_READ_PROPERTY, /* 4 */ 4666 SDDL_WRITE_PROPERTY, 4667 SDDL_DELETE_TREE, 4668 SDDL_LIST_OBJECT, 4669 SDDL_CONTROL_ACCESS, /* 8 */ 4670 NULL, 4671 NULL, 4672 NULL, 4673 NULL, /* 12 */ 4674 NULL, 4675 NULL, 4676 NULL, 4677 SDDL_STANDARD_DELETE, /* 16 */ 4678 SDDL_READ_CONTROL, 4679 SDDL_WRITE_DAC, 4680 SDDL_WRITE_OWNER, 4681 NULL, /* 20 */ 4682 NULL, 4683 NULL, 4684 NULL, 4685 NULL, /* 24 */ 4686 NULL, 4687 NULL, 4688 NULL, 4689 SDDL_GENERIC_ALL, /* 28 */ 4690 SDDL_GENERIC_EXECUTE, 4691 SDDL_GENERIC_WRITE, 4692 SDDL_GENERIC_READ 4693 }; 4694 4695 static void DumpRights(DWORD mask, WCHAR **pwptr, ULONG *plen) 4696 { 4697 static const WCHAR fmtW[] = {'','x','%','x',0}; 4698 WCHAR buf[15]; 4699 size_t i; 4700 4701 if (mask == 0) 4702 return; 4703 4704 /* first check if the right have name */ 4705 for (i = 0; i < sizeof(AceRights)/sizeof(AceRights[0]); i++) 4706 { 4707 if (AceRights[i].wstr == NULL) 4708 break; 4709 if (mask == AceRights[i].value) 4710 { 4711 DumpString(AceRights[i].wstr, -1, pwptr, plen); 4712 return; 4713 } 4714 } 4715 4716 /* then check if it can be built from bit names */ 4717 for (i = 0; i < 32; i++) 4718 { 4719 if ((mask & (1 << i)) && (AceRightBitNames[i] == NULL)) 4720 { 4721 /* can't be built from bit names */ 4722 sprintfW(buf, fmtW, mask); 4723 DumpString(buf, -1, pwptr, plen); 4724 return; 4725 } 4726 } 4727 4728 /* build from bit names */ 4729 for (i = 0; i < 32; i++) 4730 if (mask & (1 << i)) 4731 DumpString(AceRightBitNames[i], -1, pwptr, plen); 4732 } 4733 4734 static BOOL DumpAce(LPVOID pace, WCHAR **pwptr, ULONG *plen) 4735 { 4736 ACCESS_ALLOWED_ACE *piace; /* all the supported ACEs have the same memory layout */ 4737 static const WCHAR openbr = '('; 4738 static const WCHAR closebr = ')'; 4739 static const WCHAR semicolon = ';'; 4740 4741 if (((PACE_HEADER)pace)->AceType > SYSTEM_ALARM_ACE_TYPE || ((PACE_HEADER)pace)->AceSize < sizeof(ACCESS_ALLOWED_ACE)) 4742 { 4743 SetLastError(ERROR_INVALID_ACL); 4744 return FALSE; 4745 } 4746 4747 piace = pace; 4748 DumpString(&openbr, 1, pwptr, plen); 4749 switch (piace->Header.AceType) 4750 { 4751 case ACCESS_ALLOWED_ACE_TYPE: 4752 DumpString(SDDL_ACCESS_ALLOWED, -1, pwptr, plen); 4753 break; 4754 case ACCESS_DENIED_ACE_TYPE: 4755 DumpString(SDDL_ACCESS_DENIED, -1, pwptr, plen); 4756 break; 4757 case SYSTEM_AUDIT_ACE_TYPE: 4758 DumpString(SDDL_AUDIT, -1, pwptr, plen); 4759 break; 4760 case SYSTEM_ALARM_ACE_TYPE: 4761 DumpString(SDDL_ALARM, -1, pwptr, plen); 4762 break; 4763 } 4764 DumpString(&semicolon, 1, pwptr, plen); 4765 4766 if (piace->Header.AceFlags & OBJECT_INHERIT_ACE) 4767 DumpString(SDDL_OBJECT_INHERIT, -1, pwptr, plen); 4768 if (piace->Header.AceFlags & CONTAINER_INHERIT_ACE) 4769 DumpString(SDDL_CONTAINER_INHERIT, -1, pwptr, plen); 4770 if (piace->Header.AceFlags & NO_PROPAGATE_INHERIT_ACE) 4771 DumpString(SDDL_NO_PROPAGATE, -1, pwptr, plen); 4772 if (piace->Header.AceFlags & INHERIT_ONLY_ACE) 4773 DumpString(SDDL_INHERIT_ONLY, -1, pwptr, plen); 4774 if (piace->Header.AceFlags & INHERITED_ACE) 4775 DumpString(SDDL_INHERITED, -1, pwptr, plen); 4776 if (piace->Header.AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG) 4777 DumpString(SDDL_AUDIT_SUCCESS, -1, pwptr, plen); 4778 if (piace->Header.AceFlags & FAILED_ACCESS_ACE_FLAG) 4779 DumpString(SDDL_AUDIT_FAILURE, -1, pwptr, plen); 4780 DumpString(&semicolon, 1, pwptr, plen); 4781 DumpRights(piace->Mask, pwptr, plen); 4782 DumpString(&semicolon, 1, pwptr, plen); 4783 /* objects not supported */ 4784 DumpString(&semicolon, 1, pwptr, plen); 4785 /* objects not supported */ 4786 DumpString(&semicolon, 1, pwptr, plen); 4787 if (!DumpSid(&piace->SidStart, pwptr, plen)) 4788 return FALSE; 4789 DumpString(&closebr, 1, pwptr, plen); 4790 return TRUE; 4791 } 4792 4793 static BOOL DumpAcl(PACL pacl, WCHAR **pwptr, ULONG *plen, BOOL protected, BOOL autoInheritReq, BOOL autoInherited) 4794 { 4795 WORD count; 4796 int i; 4797 4798 if (protected) 4799 DumpString(SDDL_PROTECTED, -1, pwptr, plen); 4800 if (autoInheritReq) 4801 DumpString(SDDL_AUTO_INHERIT_REQ, -1, pwptr, plen); 4802 if (autoInherited) 4803 DumpString(SDDL_AUTO_INHERITED, -1, pwptr, plen); 4804 4805 if (pacl == NULL) 4806 return TRUE; 4807 4808 if (!IsValidAcl(pacl)) 4809 return FALSE; 4810 4811 count = pacl->AceCount; 4812 for (i = 0; i < count; i++) 4813 { 4814 LPVOID ace; 4815 if (!GetAce(pacl, i, &ace)) 4816 return FALSE; 4817 if (!DumpAce(ace, pwptr, plen)) 4818 return FALSE; 4819 } 4820 4821 return TRUE; 4822 } 4823 4824 static BOOL DumpOwner(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen) 4825 { 4826 static const WCHAR prefix[] = {'O',':',0}; 4827 BOOL bDefaulted; 4828 PSID psid; 4829 4830 if (!GetSecurityDescriptorOwner(SecurityDescriptor, &psid, &bDefaulted)) 4831 return FALSE; 4832 4833 if (psid == NULL) 4834 return TRUE; 4835 4836 DumpString(prefix, -1, pwptr, plen); 4837 if (!DumpSid(psid, pwptr, plen)) 4838 return FALSE; 4839 return TRUE; 4840 } 4841 4842 static BOOL DumpGroup(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen) 4843 { 4844 static const WCHAR prefix[] = {'G',':',0}; 4845 BOOL bDefaulted; 4846 PSID psid; 4847 4848 if (!GetSecurityDescriptorGroup(SecurityDescriptor, &psid, &bDefaulted)) 4849 return FALSE; 4850 4851 if (psid == NULL) 4852 return TRUE; 4853 4854 DumpString(prefix, -1, pwptr, plen); 4855 if (!DumpSid(psid, pwptr, plen)) 4856 return FALSE; 4857 return TRUE; 4858 } 4859 4860 static BOOL DumpDacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen) 4861 { 4862 static const WCHAR dacl[] = {'D',':',0}; 4863 SECURITY_DESCRIPTOR_CONTROL control; 4864 BOOL present, defaulted; 4865 DWORD revision; 4866 PACL pacl; 4867 4868 if (!GetSecurityDescriptorDacl(SecurityDescriptor, &present, &pacl, &defaulted)) 4869 return FALSE; 4870 4871 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision)) 4872 return FALSE; 4873 4874 if (!present) 4875 return TRUE; 4876 4877 DumpString(dacl, 2, pwptr, plen); 4878 if (!DumpAcl(pacl, pwptr, plen, control & SE_DACL_PROTECTED, control & SE_DACL_AUTO_INHERIT_REQ, control & SE_DACL_AUTO_INHERITED)) 4879 return FALSE; 4880 return TRUE; 4881 } 4882 4883 static BOOL DumpSacl(PSECURITY_DESCRIPTOR SecurityDescriptor, WCHAR **pwptr, ULONG *plen) 4884 { 4885 static const WCHAR sacl[] = {'S',':',0}; 4886 SECURITY_DESCRIPTOR_CONTROL control; 4887 BOOL present, defaulted; 4888 DWORD revision; 4889 PACL pacl; 4890 4891 if (!GetSecurityDescriptorSacl(SecurityDescriptor, &present, &pacl, &defaulted)) 4892 return FALSE; 4893 4894 if (!GetSecurityDescriptorControl(SecurityDescriptor, &control, &revision)) 4895 return FALSE; 4896 4897 if (!present) 4898 return TRUE; 4899 4900 DumpString(sacl, 2, pwptr, plen); 4901 if (!DumpAcl(pacl, pwptr, plen, control & SE_SACL_PROTECTED, control & SE_SACL_AUTO_INHERIT_REQ, control & SE_SACL_AUTO_INHERITED)) 4902 return FALSE; 4903 return TRUE; 4904 } 4905 4906 /****************************************************************************** 4907 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@] 4908 */ 4909 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorW(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION RequestedInformation, LPWSTR *OutputString, PULONG OutputLen) 4910 { 4911 ULONG len; 4912 WCHAR *wptr, *wstr; 4913 4914 if (SDRevision != SDDL_REVISION_1) 4915 { 4916 ERR("Pogram requested unknown SDDL revision %d\n", SDRevision); 4917 SetLastError(ERROR_UNKNOWN_REVISION); 4918 return FALSE; 4919 } 4920 4921 len = 0; 4922 if (RequestedInformation & OWNER_SECURITY_INFORMATION) 4923 if (!DumpOwner(SecurityDescriptor, NULL, &len)) 4924 return FALSE; 4925 if (RequestedInformation & GROUP_SECURITY_INFORMATION) 4926 if (!DumpGroup(SecurityDescriptor, NULL, &len)) 4927 return FALSE; 4928 if (RequestedInformation & DACL_SECURITY_INFORMATION) 4929 if (!DumpDacl(SecurityDescriptor, NULL, &len)) 4930 return FALSE; 4931 if (RequestedInformation & SACL_SECURITY_INFORMATION) 4932 if (!DumpSacl(SecurityDescriptor, NULL, &len)) 4933 return FALSE; 4934 4935 wstr = wptr = LocalAlloc(0, (len + 1)*sizeof(WCHAR)); 4936 if (RequestedInformation & OWNER_SECURITY_INFORMATION) 4937 if (!DumpOwner(SecurityDescriptor, &wptr, NULL)) 4938 return FALSE; 4939 if (RequestedInformation & GROUP_SECURITY_INFORMATION) 4940 if (!DumpGroup(SecurityDescriptor, &wptr, NULL)) 4941 return FALSE; 4942 if (RequestedInformation & DACL_SECURITY_INFORMATION) 4943 if (!DumpDacl(SecurityDescriptor, &wptr, NULL)) 4944 return FALSE; 4945 if (RequestedInformation & SACL_SECURITY_INFORMATION) 4946 if (!DumpSacl(SecurityDescriptor, &wptr, NULL)) 4947 return FALSE; 4948 *wptr = 0; 4949 4950 TRACE("ret: %s, %d\n", wine_dbgstr_w(wstr), len); 4951 *OutputString = wstr; 4952 if (OutputLen) 4953 *OutputLen = strlenW(*OutputString)+1; 4954 return TRUE; 4955 } 4956 4957 /****************************************************************************** 4958 * ConvertSecurityDescriptorToStringSecurityDescriptorA [ADVAPI32.@] 4959 */ 4960 BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen) 4961 { 4962 LPWSTR wstr; 4963 ULONG len; 4964 if (ConvertSecurityDescriptorToStringSecurityDescriptorW(SecurityDescriptor, SDRevision, Information, &wstr, &len)) 4965 { 4966 int lenA; 4967 4968 lenA = WideCharToMultiByte(CP_ACP, 0, wstr, len, NULL, 0, NULL, NULL); 4969 *OutputString = HeapAlloc(GetProcessHeap(), 0, lenA); 4970 WideCharToMultiByte(CP_ACP, 0, wstr, len, *OutputString, lenA, NULL, NULL); 4971 LocalFree(wstr); 4972 4973 if (OutputLen != NULL) 4974 *OutputLen = lenA; 4975 return TRUE; 4976 } 4977 else 4978 { 4979 *OutputString = NULL; 4980 if (OutputLen) 4981 *OutputLen = 0; 4982 return FALSE; 4983 } 4984 } 4985 4986 /****************************************************************************** 4987 * ConvertStringSidToSidW [ADVAPI32.@] 4988 */ 4989 BOOL WINAPI ConvertStringSidToSidW(LPCWSTR StringSid, PSID* Sid) 4990 { 4991 BOOL bret = FALSE; 4992 DWORD cBytes; 4993 4994 TRACE("%s, %p\n", debugstr_w(StringSid), Sid); 4995 if (GetVersion() & 0x80000000) 4996 SetLastError(ERROR_CALL_NOT_IMPLEMENTED); 4997 else if (!StringSid || !Sid) 4998 SetLastError(ERROR_INVALID_PARAMETER); 4999 else if (ParseStringSidToSid(StringSid, NULL, &cBytes)) 5000 { 5001 PSID pSid = *Sid = LocalAlloc(0, cBytes); 5002 5003 bret = ParseStringSidToSid(StringSid, pSid, &cBytes); 5004 if (!bret) 5005 LocalFree(*Sid); 5006 } 5007 return bret; 5008 } 5009 5010 /****************************************************************************** 5011 * ConvertStringSidToSidA [ADVAPI32.@] 5012 */ 5013 BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID* Sid) 5014 { 5015 BOOL bret = FALSE; 5016 5017 TRACE("%s, %p\n", debugstr_a(StringSid), Sid); 5018 if (GetVersion() & 0x80000000) 5019 SetLastError(ERROR_CALL_NOT_IMPLEMENTED); 5020 else if (!StringSid || !Sid) 5021 SetLastError(ERROR_INVALID_PARAMETER); 5022 else 5023 { 5024 UINT len = MultiByteToWideChar(CP_ACP, 0, StringSid, -1, NULL, 0); 5025 LPWSTR wStringSid = HeapAlloc(GetProcessHeap(), 0, 5026 len * sizeof(WCHAR)); 5027 5028 MultiByteToWideChar(CP_ACP, 0, StringSid, -1, wStringSid, len); 5029 bret = ConvertStringSidToSidW(wStringSid, Sid); 5030 HeapFree(GetProcessHeap(), 0, wStringSid); 5031 } 5032 return bret; 5033 } 5034 5035 /****************************************************************************** 5036 * ConvertSidToStringSidW [ADVAPI32.@] 5037 * 5038 * format of SID string is: 5039 * S-<count>-<auth>-<subauth1>-<subauth2>-<subauth3>... 5040 * where 5041 * <rev> is the revision of the SID encoded as decimal 5042 * <auth> is the identifier authority encoded as hex 5043 * <subauthN> is the subauthority id encoded as decimal 5044 */ 5045 BOOL WINAPI ConvertSidToStringSidW( PSID pSid, LPWSTR *pstr ) 5046 { 5047 DWORD len = 0; 5048 LPWSTR wstr, wptr; 5049 5050 TRACE("%p %p\n", pSid, pstr ); 5051 5052 len = 0; 5053 if (!DumpSidNumeric(pSid, NULL, &len)) 5054 return FALSE; 5055 wstr = wptr = LocalAlloc(0, (len+1) * sizeof(WCHAR)); 5056 DumpSidNumeric(pSid, &wptr, NULL); 5057 *wptr = 0; 5058 5059 *pstr = wstr; 5060 return TRUE; 5061 } 5062 5063 /****************************************************************************** 5064 * ConvertSidToStringSidA [ADVAPI32.@] 5065 */ 5066 BOOL WINAPI ConvertSidToStringSidA(PSID pSid, LPSTR *pstr) 5067 { 5068 LPWSTR wstr = NULL; 5069 LPSTR str; 5070 UINT len; 5071 5072 TRACE("%p %p\n", pSid, pstr ); 5073 5074 if( !ConvertSidToStringSidW( pSid, &wstr ) ) 5075 return FALSE; 5076 5077 len = WideCharToMultiByte( CP_ACP, 0, wstr, -1, NULL, 0, NULL, NULL ); 5078 str = LocalAlloc( 0, len ); 5079 WideCharToMultiByte( CP_ACP, 0, wstr, -1, str, len, NULL, NULL ); 5080 LocalFree( wstr ); 5081 5082 *pstr = str; 5083 5084 return TRUE; 5085 } 5086 5087 BOOL WINAPI ConvertToAutoInheritPrivateObjectSecurity( 5088 PSECURITY_DESCRIPTOR pdesc, 5089 PSECURITY_DESCRIPTOR cdesc, 5090 PSECURITY_DESCRIPTOR* ndesc, 5091 GUID* objtype, 5092 BOOL isdir, 5093 PGENERIC_MAPPING genmap ) 5094 { 5095 FIXME("%p %p %p %p %d %p - stub\n", pdesc, cdesc, ndesc, objtype, isdir, genmap); 5096 5097 return FALSE; 5098 } 5099 5100 BOOL WINAPI CreatePrivateObjectSecurity( 5101 PSECURITY_DESCRIPTOR ParentDescriptor, 5102 PSECURITY_DESCRIPTOR CreatorDescriptor, 5103 PSECURITY_DESCRIPTOR* NewDescriptor, 5104 BOOL IsDirectoryObject, 5105 HANDLE Token, 5106 PGENERIC_MAPPING GenericMapping ) 5107 { 5108 SECURITY_DESCRIPTOR_RELATIVE *relative; 5109 DWORD needed, offset; 5110 BYTE *buffer; 5111 5112 FIXME("%p %p %p %d %p %p - returns fake SECURITY_DESCRIPTOR\n", ParentDescriptor, 5113 CreatorDescriptor, NewDescriptor, IsDirectoryObject, Token, GenericMapping); 5114 5115 needed = sizeof(SECURITY_DESCRIPTOR_RELATIVE); 5116 needed += sizeof(sidWorld); 5117 needed += sizeof(sidWorld); 5118 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; 5119 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; 5120 5121 if (!(buffer = HeapAlloc( GetProcessHeap(), 0, needed ))) return FALSE; 5122 relative = (SECURITY_DESCRIPTOR_RELATIVE *)buffer; 5123 if (!InitializeSecurityDescriptor( relative, SECURITY_DESCRIPTOR_REVISION )) 5124 { 5125 HeapFree( GetProcessHeap(), 0, buffer ); 5126 return FALSE; 5127 } 5128 relative->Control |= SE_SELF_RELATIVE; 5129 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE); 5130 5131 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) ); 5132 relative->Owner = offset; 5133 offset += sizeof(sidWorld); 5134 5135 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) ); 5136 relative->Group = offset; 5137 offset += sizeof(sidWorld); 5138 5139 GetWorldAccessACL( (ACL *)(buffer + offset) ); 5140 relative->Dacl = offset; 5141 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL; 5142 5143 GetWorldAccessACL( (ACL *)(buffer + offset) ); 5144 relative->Sacl = offset; 5145 5146 *NewDescriptor = relative; 5147 return TRUE; 5148 } 5149 5150 BOOL WINAPI DestroyPrivateObjectSecurity( PSECURITY_DESCRIPTOR* ObjectDescriptor ) 5151 { 5152 FIXME("%p - stub\n", ObjectDescriptor); 5153 5154 HeapFree( GetProcessHeap(), 0, *ObjectDescriptor ); 5155 return TRUE; 5156 } 5157 5158 BOOL WINAPI CreateProcessAsUserA( 5159 HANDLE hToken, 5160 LPCSTR lpApplicationName, 5161 LPSTR lpCommandLine, 5162 LPSECURITY_ATTRIBUTES lpProcessAttributes, 5163 LPSECURITY_ATTRIBUTES lpThreadAttributes, 5164 BOOL bInheritHandles, 5165 DWORD dwCreationFlags, 5166 LPVOID lpEnvironment, 5167 LPCSTR lpCurrentDirectory, 5168 LPSTARTUPINFOA lpStartupInfo, 5169 LPPROCESS_INFORMATION lpProcessInformation ) 5170 { 5171 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - stub\n", hToken, debugstr_a(lpApplicationName), 5172 debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles, 5173 dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation); 5174 5175 return FALSE; 5176 } 5177 5178 BOOL WINAPI CreateProcessAsUserW( 5179 HANDLE hToken, 5180 LPCWSTR lpApplicationName, 5181 LPWSTR lpCommandLine, 5182 LPSECURITY_ATTRIBUTES lpProcessAttributes, 5183 LPSECURITY_ATTRIBUTES lpThreadAttributes, 5184 BOOL bInheritHandles, 5185 DWORD dwCreationFlags, 5186 LPVOID lpEnvironment, 5187 LPCWSTR lpCurrentDirectory, 5188 LPSTARTUPINFOW lpStartupInfo, 5189 LPPROCESS_INFORMATION lpProcessInformation ) 5190 { 5191 FIXME("%p %s %s %p %p %d 0x%08x %p %s %p %p - semi- stub\n", hToken, 5192 debugstr_w(lpApplicationName), debugstr_w(lpCommandLine), lpProcessAttributes, 5193 lpThreadAttributes, bInheritHandles, dwCreationFlags, lpEnvironment, 5194 debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation); 5195 5196 /* We should create the process with a suspended main thread */ 5197 if (!CreateProcessW (lpApplicationName, 5198 lpCommandLine, 5199 lpProcessAttributes, 5200 lpThreadAttributes, 5201 bInheritHandles, 5202 dwCreationFlags, /* CREATE_SUSPENDED */ 5203 lpEnvironment, 5204 lpCurrentDirectory, 5205 lpStartupInfo, 5206 lpProcessInformation)) 5207 { 5208 return FALSE; 5209 } 5210 5211 return TRUE; 5212 } 5213 5214 /****************************************************************************** 5215 * CreateProcessWithLogonW 5216 */ 5217 BOOL WINAPI CreateProcessWithLogonW( LPCWSTR lpUsername, LPCWSTR lpDomain, LPCWSTR lpPassword, DWORD dwLogonFlags, 5218 LPCWSTR lpApplicationName, LPWSTR lpCommandLine, DWORD dwCreationFlags, LPVOID lpEnvironment, 5219 LPCWSTR lpCurrentDirectory, LPSTARTUPINFOW lpStartupInfo, LPPROCESS_INFORMATION lpProcessInformation ) 5220 { 5221 FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain), 5222 debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName), 5223 debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory), 5224 lpStartupInfo, lpProcessInformation); 5225 5226 return FALSE; 5227 } 5228 5229 /****************************************************************************** 5230 * DuplicateTokenEx [ADVAPI32.@] 5231 */ 5232 BOOL WINAPI DuplicateTokenEx( 5233 HANDLE ExistingTokenHandle, DWORD dwDesiredAccess, 5234 LPSECURITY_ATTRIBUTES lpTokenAttributes, 5235 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, 5236 TOKEN_TYPE TokenType, 5237 PHANDLE DuplicateTokenHandle ) 5238 { 5239 OBJECT_ATTRIBUTES ObjectAttributes; 5240 5241 TRACE("%p 0x%08x 0x%08x 0x%08x %p\n", ExistingTokenHandle, dwDesiredAccess, 5242 ImpersonationLevel, TokenType, DuplicateTokenHandle); 5243 5244 InitializeObjectAttributes( 5245 &ObjectAttributes, 5246 NULL, 5247 (lpTokenAttributes && lpTokenAttributes->bInheritHandle) ? OBJ_INHERIT : 0, 5248 NULL, 5249 lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL ); 5250 5251 return set_ntstatus( NtDuplicateToken( ExistingTokenHandle, 5252 dwDesiredAccess, 5253 &ObjectAttributes, 5254 ImpersonationLevel, 5255 TokenType, 5256 DuplicateTokenHandle ) ); 5257 } 5258 5259 BOOL WINAPI DuplicateToken( 5260 HANDLE ExistingTokenHandle, 5261 SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, 5262 PHANDLE DuplicateTokenHandle ) 5263 { 5264 return DuplicateTokenEx( ExistingTokenHandle, TOKEN_IMPERSONATE | TOKEN_QUERY, 5265 NULL, ImpersonationLevel, TokenImpersonation, 5266 DuplicateTokenHandle ); 5267 } 5268 5269 /****************************************************************************** 5270 * ComputeStringSidSize 5271 */ 5272 static DWORD ComputeStringSidSize(LPCWSTR StringSid) 5273 { 5274 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I(-S)+ */ 5275 { 5276 int ctok = 0; 5277 while (*StringSid) 5278 { 5279 if (*StringSid == '-') 5280 ctok++; 5281 StringSid++; 5282 } 5283 5284 if (ctok >= 3) 5285 return GetSidLengthRequired(ctok - 2); 5286 } 5287 else /* String constant format - Only available in winxp and above */ 5288 { 5289 unsigned int i; 5290 5291 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) 5292 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2)) 5293 return GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount); 5294 } 5295 5296 return GetSidLengthRequired(0); 5297 } 5298 5299 /****************************************************************************** 5300 * ParseStringSidToSid 5301 */ 5302 static BOOL ParseStringSidToSid(LPCWSTR StringSid, PSID pSid, LPDWORD cBytes) 5303 { 5304 BOOL bret = FALSE; 5305 SID* pisid=pSid; 5306 5307 TRACE("%s, %p, %p\n", debugstr_w(StringSid), pSid, cBytes); 5308 if (!StringSid) 5309 { 5310 SetLastError(ERROR_INVALID_PARAMETER); 5311 TRACE("StringSid is NULL, returning FALSE\n"); 5312 return FALSE; 5313 } 5314 5315 while (*StringSid == ' ') 5316 StringSid++; 5317 5318 *cBytes = ComputeStringSidSize(StringSid); 5319 if (!pisid) /* Simply compute the size */ 5320 { 5321 TRACE("only size requested, returning TRUE\n"); 5322 return TRUE; 5323 } 5324 5325 if (StringSid[0] == 'S' && StringSid[1] == '-') /* S-R-I-S-S */ 5326 { 5327 DWORD i = 0, identAuth; 5328 DWORD csubauth = ((*cBytes - GetSidLengthRequired(0)) / sizeof(DWORD)); 5329 5330 StringSid += 2; /* Advance to Revision */ 5331 pisid->Revision = atoiW(StringSid); 5332 5333 if (pisid->Revision != SDDL_REVISION) 5334 { 5335 TRACE("Revision %d is unknown\n", pisid->Revision); 5336 goto lend; /* ERROR_INVALID_SID */ 5337 } 5338 if (csubauth == 0) 5339 { 5340 TRACE("SubAuthorityCount is 0\n"); 5341 goto lend; /* ERROR_INVALID_SID */ 5342 } 5343 5344 pisid->SubAuthorityCount = csubauth; 5345 5346 /* Advance to identifier authority */ 5347 while (*StringSid && *StringSid != '-') 5348 StringSid++; 5349 if (*StringSid == '-') 5350 StringSid++; 5351 5352 /* MS' implementation can't handle values greater than 2^32 - 1, so 5353 * we don't either; assume most significant bytes are always 0 5354 */ 5355 pisid->IdentifierAuthority.Value[0] = 0; 5356 pisid->IdentifierAuthority.Value[1] = 0; 5357 identAuth = atoiW(StringSid); 5358 pisid->IdentifierAuthority.Value[5] = identAuth & 0xff; 5359 pisid->IdentifierAuthority.Value[4] = (identAuth & 0xff00) >> 8; 5360 pisid->IdentifierAuthority.Value[3] = (identAuth & 0xff0000) >> 16; 5361 pisid->IdentifierAuthority.Value[2] = (identAuth & 0xff000000) >> 24; 5362 5363 /* Advance to first sub authority */ 5364 while (*StringSid && *StringSid != '-') 5365 StringSid++; 5366 if (*StringSid == '-') 5367 StringSid++; 5368 5369 while (*StringSid) 5370 { 5371 pisid->SubAuthority[i++] = atoiW(StringSid); 5372 5373 while (*StringSid && *StringSid != '-') 5374 StringSid++; 5375 if (*StringSid == '-') 5376 StringSid++; 5377 } 5378 5379 if (i != pisid->SubAuthorityCount) 5380 goto lend; /* ERROR_INVALID_SID */ 5381 5382 bret = TRUE; 5383 } 5384 else /* String constant format - Only available in winxp and above */ 5385 { 5386 unsigned int i; 5387 pisid->Revision = SDDL_REVISION; 5388 5389 for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) 5390 if (!strncmpW(WellKnownSids[i].wstr, StringSid, 2)) 5391 { 5392 DWORD j; 5393 pisid->SubAuthorityCount = WellKnownSids[i].Sid.SubAuthorityCount; 5394 pisid->IdentifierAuthority = WellKnownSids[i].Sid.IdentifierAuthority; 5395 for (j = 0; j < WellKnownSids[i].Sid.SubAuthorityCount; j++) 5396 pisid->SubAuthority[j] = WellKnownSids[i].Sid.SubAuthority[j]; 5397 bret = TRUE; 5398 } 5399 5400 if (!bret) 5401 FIXME("String constant not supported: %s\n", debugstr_wn(StringSid, 2)); 5402 } 5403 5404 lend: 5405 if (!bret) 5406 SetLastError(ERROR_INVALID_SID); 5407 5408 TRACE("returning %s\n", bret ? "TRUE" : "FALSE"); 5409 return bret; 5410 } 5411 5412 /****************************************************************************** 5413 * GetNamedSecurityInfoA [ADVAPI32.@] 5414 */ 5415 DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, 5416 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, 5417 PSID* ppsidOwner, PSID* ppsidGroup, PACL* ppDacl, PACL* ppSacl, 5418 PSECURITY_DESCRIPTOR* ppSecurityDescriptor) 5419 { 5420 DWORD len; 5421 LPWSTR wstr = NULL; 5422 DWORD r; 5423 5424 TRACE("%s %d %d %p %p %p %p %p\n", pObjectName, ObjectType, SecurityInfo, 5425 ppsidOwner, ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor); 5426 5427 if( pObjectName ) 5428 { 5429 len = MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, NULL, 0 ); 5430 wstr = HeapAlloc( GetProcessHeap(), 0, len*sizeof(WCHAR)); 5431 MultiByteToWideChar( CP_ACP, 0, pObjectName, -1, wstr, len ); 5432 } 5433 5434 r = GetNamedSecurityInfoW( wstr, ObjectType, SecurityInfo, ppsidOwner, 5435 ppsidGroup, ppDacl, ppSacl, ppSecurityDescriptor ); 5436 5437 HeapFree( GetProcessHeap(), 0, wstr ); 5438 5439 return r; 5440 } 5441 5442 /****************************************************************************** 5443 * GetNamedSecurityInfoW [ADVAPI32.@] 5444 */ 5445 DWORD WINAPI GetNamedSecurityInfoW( LPWSTR name, SE_OBJECT_TYPE type, 5446 SECURITY_INFORMATION info, PSID* owner, PSID* group, PACL* dacl, 5447 PACL* sacl, PSECURITY_DESCRIPTOR* descriptor ) 5448 { 5449 DWORD needed, offset; 5450 SECURITY_DESCRIPTOR_RELATIVE *relative = NULL; 5451 BYTE *buffer; 5452 5453 TRACE( "%s %d %d %p %p %p %p %p\n", debugstr_w(name), type, info, owner, 5454 group, dacl, sacl, descriptor ); 5455 5456 /* A NULL descriptor is allowed if any one of the other pointers is not NULL */ 5457 if (!name || !(owner||group||dacl||sacl||descriptor) ) return ERROR_INVALID_PARAMETER; 5458 5459 /* If no descriptor, we have to check that there's a pointer for the requested information */ 5460 if( !descriptor && ( 5461 ((info & OWNER_SECURITY_INFORMATION) && !owner) 5462 || ((info & GROUP_SECURITY_INFORMATION) && !group) 5463 || ((info & DACL_SECURITY_INFORMATION) && !dacl) 5464 || ((info & SACL_SECURITY_INFORMATION) && !sacl) )) 5465 return ERROR_INVALID_PARAMETER; 5466 5467 needed = !descriptor ? 0 : sizeof(SECURITY_DESCRIPTOR_RELATIVE); 5468 if (info & OWNER_SECURITY_INFORMATION) 5469 needed += sizeof(sidWorld); 5470 if (info & GROUP_SECURITY_INFORMATION) 5471 needed += sizeof(sidWorld); 5472 if (info & DACL_SECURITY_INFORMATION) 5473 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; 5474 if (info & SACL_SECURITY_INFORMATION) 5475 needed += WINE_SIZE_OF_WORLD_ACCESS_ACL; 5476 5477 if(descriptor) 5478 { 5479 /* must be freed by caller */ 5480 *descriptor = HeapAlloc( GetProcessHeap(), 0, needed ); 5481 if (!*descriptor) return ERROR_NOT_ENOUGH_MEMORY; 5482 5483 if (!InitializeSecurityDescriptor( *descriptor, SECURITY_DESCRIPTOR_REVISION )) 5484 { 5485 HeapFree( GetProcessHeap(), 0, *descriptor ); 5486 return ERROR_INVALID_SECURITY_DESCR; 5487 } 5488 5489 relative = *descriptor; 5490 relative->Control |= SE_SELF_RELATIVE; 5491 5492 buffer = (BYTE *)relative; 5493 offset = sizeof(SECURITY_DESCRIPTOR_RELATIVE); 5494 } 5495 else 5496 { 5497 buffer = HeapAlloc( GetProcessHeap(), 0, needed ); 5498 if (!buffer) return ERROR_NOT_ENOUGH_MEMORY; 5499 offset = 0; 5500 } 5501 5502 if (info & OWNER_SECURITY_INFORMATION) 5503 { 5504 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) ); 5505 if(relative) 5506 relative->Owner = offset; 5507 if (owner) 5508 *owner = buffer + offset; 5509 offset += sizeof(sidWorld); 5510 } 5511 if (info & GROUP_SECURITY_INFORMATION) 5512 { 5513 memcpy( buffer + offset, &sidWorld, sizeof(sidWorld) ); 5514 if(relative) 5515 relative->Group = offset; 5516 if (group) 5517 *group = buffer + offset; 5518 offset += sizeof(sidWorld); 5519 } 5520 if (info & DACL_SECURITY_INFORMATION) 5521 { 5522 GetWorldAccessACL( (PACL)(buffer + offset) ); 5523 if(relative) 5524 { 5525 relative->Control |= SE_DACL_PRESENT; 5526 relative->Dacl = offset; 5527 } 5528 if (dacl) 5529 *dacl = (PACL)(buffer + offset); 5530 offset += WINE_SIZE_OF_WORLD_ACCESS_ACL; 5531 } 5532 if (info & SACL_SECURITY_INFORMATION) 5533 { 5534 GetWorldAccessACL( (PACL)(buffer + offset) ); 5535 if(relative) 5536 { 5537 relative->Control |= SE_SACL_PRESENT; 5538 relative->Sacl = offset; 5539 } 5540 if (sacl) 5541 *sacl = (PACL)(buffer + offset); 5542 } 5543 5544 return ERROR_SUCCESS; 5545 } 5546 5547 /****************************************************************************** 5548 * GetNamedSecurityInfoExW [ADVAPI32.@] 5549 */ 5550 DWORD WINAPI GetNamedSecurityInfoExW( LPCWSTR object, SE_OBJECT_TYPE type, 5551 SECURITY_INFORMATION info, LPCWSTR provider, LPCWSTR property, 5552 PACTRL_ACCESSW* access_list, PACTRL_AUDITW* audit_list, LPWSTR* owner, LPWSTR* group ) 5553 { 5554 FIXME("(%s, %d, %d, %s, %s, %p, %p, %p, %p) stub\n", debugstr_w(object), type, info, 5555 debugstr_w(provider), debugstr_w(property), access_list, audit_list, owner, group); 5556 return ERROR_CALL_NOT_IMPLEMENTED; 5557 } 5558 5559 /****************************************************************************** 5560 * GetNamedSecurityInfoExA [ADVAPI32.@] 5561 */ 5562 DWORD WINAPI GetNamedSecurityInfoExA( LPCSTR object, SE_OBJECT_TYPE type, 5563 SECURITY_INFORMATION info, LPCSTR provider, LPCSTR property, 5564 PACTRL_ACCESSA* access_list, PACTRL_AUDITA* audit_list, LPSTR* owner, LPSTR* group ) 5565 { 5566 FIXME("(%s, %d, %d, %s, %s, %p, %p, %p, %p) stub\n", debugstr_a(object), type, info, 5567 debugstr_a(provider), debugstr_a(property), access_list, audit_list, owner, group); 5568 return ERROR_CALL_NOT_IMPLEMENTED; 5569 } 5570 5571 /****************************************************************************** 5572 * DecryptFileW [ADVAPI32.@] 5573 */ 5574 BOOL WINAPI DecryptFileW(LPCWSTR lpFileName, DWORD dwReserved) 5575 { 5576 FIXME("%s %08x\n", debugstr_w(lpFileName), dwReserved); 5577 return TRUE; 5578 } 5579 5580 /****************************************************************************** 5581 * DecryptFileA [ADVAPI32.@] 5582 */ 5583 BOOL WINAPI DecryptFileA(LPCSTR lpFileName, DWORD dwReserved) 5584 { 5585 FIXME("%s %08x\n", debugstr_a(lpFileName), dwReserved); 5586 return TRUE; 5587 } 5588 5589 /****************************************************************************** 5590 * EncryptFileW [ADVAPI32.@] 5591 */ 5592 BOOL WINAPI EncryptFileW(LPCWSTR lpFileName) 5593 { 5594 FIXME("%s\n", debugstr_w(lpFileName)); 5595 return TRUE; 5596 } 5597 5598 /****************************************************************************** 5599 * EncryptFileA [ADVAPI32.@] 5600 */ 5601 BOOL WINAPI EncryptFileA(LPCSTR lpFileName) 5602 { 5603 FIXME("%s\n", debugstr_a(lpFileName)); 5604 return TRUE; 5605 } 5606 5607 /****************************************************************************** 5608 * FileEncryptionStatusW [ADVAPI32.@] 5609 */ 5610 BOOL WINAPI FileEncryptionStatusW(LPCWSTR lpFileName, LPDWORD lpStatus) 5611 { 5612 FIXME("(%s %p): stub\n", debugstr_w(lpFileName), lpStatus); 5613 if (!lpStatus) 5614 return FALSE; 5615 *lpStatus = FILE_SYSTEM_NOT_SUPPORT; 5616 return TRUE; 5617 } 5618 5619 /****************************************************************************** 5620 * FileEncryptionStatusA [ADVAPI32.@] 5621 */ 5622 BOOL WINAPI FileEncryptionStatusA(LPCSTR lpFileName, LPDWORD lpStatus) 5623 { 5624 FIXME("(%s %p): stub\n", debugstr_a(lpFileName), lpStatus); 5625 if (!lpStatus) 5626 return FALSE; 5627 *lpStatus = FILE_SYSTEM_NOT_SUPPORT; 5628 return TRUE; 5629 } 5630 5631 /****************************************************************************** 5632 * SetSecurityInfo [ADVAPI32.@] 5633 */ 5634 DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, 5635 SECURITY_INFORMATION SecurityInfo, PSID psidOwner, 5636 PSID psidGroup, PACL pDacl, PACL pSacl) { 5637 FIXME("stub\n"); 5638 return ERROR_SUCCESS; 5639 } 5640 5641 /****************************************************************************** 5642 * SaferCreateLevel [ADVAPI32.@] 5643 */ 5644 BOOL WINAPI SaferCreateLevel(DWORD ScopeId, DWORD LevelId, DWORD OpenFlags, 5645 SAFER_LEVEL_HANDLE* LevelHandle, LPVOID lpReserved) 5646 { 5647 FIXME("(%u, %x, %u, %p, %p) stub\n", ScopeId, LevelId, OpenFlags, LevelHandle, lpReserved); 5648 5649 *LevelHandle = (SAFER_LEVEL_HANDLE)0xdeadbeef; 5650 return TRUE; 5651 } 5652 5653 /****************************************************************************** 5654 * SaferComputeTokenFromLevel [ADVAPI32.@] 5655 */ 5656 BOOL WINAPI SaferComputeTokenFromLevel(SAFER_LEVEL_HANDLE handle, HANDLE token, PHANDLE access_token, 5657 DWORD flags, LPVOID reserved) 5658 { 5659 FIXME("(%p, %p, %p, %x, %p) stub\n", handle, token, access_token, flags, reserved); 5660 5661 *access_token = (HANDLE)0xdeadbeef; 5662 return TRUE; 5663 } 5664 5665 /****************************************************************************** 5666 * SaferCloseLevel [ADVAPI32.@] 5667 */ 5668 BOOL WINAPI SaferCloseLevel(SAFER_LEVEL_HANDLE handle) 5669 { 5670 FIXME("(%p) stub\n", handle); 5671 return TRUE; 5672 } 5673 5674 DWORD WINAPI TreeResetNamedSecurityInfoW( LPWSTR pObjectName, 5675 SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, 5676 PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl, 5677 BOOL KeepExplicit, FN_PROGRESS fnProgress, 5678 PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args) 5679 { 5680 FIXME("(%s, %i, %i, %p, %p, %p, %p, %i, %p, %i, %p Stub\n", 5681 debugstr_w(pObjectName), ObjectType, SecurityInfo, pOwner, pGroup, 5682 pDacl, pSacl, KeepExplicit, fnProgress, ProgressInvokeSetting, Args); 5683 5684 return ERROR_SUCCESS; 5685 } 5686 5687 /****************************************************************************** 5688 * SaferGetPolicyInformation [ADVAPI32.@] 5689 */ 5690 BOOL WINAPI SaferGetPolicyInformation(DWORD scope, SAFER_POLICY_INFO_CLASS class, DWORD size, 5691 PVOID buffer, PDWORD required, LPVOID lpReserved) 5692 { 5693 FIXME("(%u %u %u %p %p %p) stub\n", scope, class, size, buffer, required, lpReserved); 5694 return FALSE; 5695 } 5696 5697 /****************************************************************************** 5698 * SaferSetLevelInformation [ADVAPI32.@] 5699 */ 5700 BOOL WINAPI SaferSetLevelInformation(SAFER_LEVEL_HANDLE handle, SAFER_OBJECT_INFO_CLASS infotype, 5701 LPVOID buffer, DWORD size) 5702 { 5703 FIXME("(%p %u %p %u) stub\n", handle, infotype, buffer, size); 5704 return FALSE; 5705 } 5706

Wine Cross Reference wine/dlls/advapi32/security.c

Wine Cross Reference
wine/dlls/advapi32/security.c