Module: wine Branch: master Commit: cf509c29f121e908609ec36a984839f3e0186ff0 URL: http://source.winehq.org/git/wine.git/?a=commit;h=cf509c29f121e908609ec36a98...
Author: Mikołaj Zalewski mikolaj@zalewski.pl Date: Sun Oct 21 02:01:56 2007 -0700
advapi32: Make CreateWellKnownSid create domain sids (with test).
---
dlls/advapi32/security.c | 57 +++++++++++++++++++++++++++++++++++----- dlls/advapi32/tests/security.c | 11 +++++++- 2 files changed, 60 insertions(+), 8 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 5d33fd2..79f5a3a 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -122,12 +122,37 @@ static const WELLKNOWNSID WellKnownSids[] =
 { {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
 { {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
 { {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
+ { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
 { {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
 { {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
 { {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
 { {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
 };
+/* these SIDs must be constructed as relative to some domain - only the RID is well-kown */
+typedef struct WELLKOWNRID
+{
+ WELL_KNOWN_SID_TYPE Type;
+ DWORD Rid;
+} WELLKNOWNRID;
+
+WELLKNOWNRID WellKnownRids[] = {
+ { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
+ { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
+ { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
+ { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
+ { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
+ { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
+ { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
+ { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
+ { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
+ { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
+ { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
+ { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
+ { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
+};
+
+
 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
typedef struct _AccountSid {
@@ -784,13 +809,7 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
 unsigned int i;
 TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
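Review bot: `WellKnownRids` in the first hunk is defined without `static const`, so the lookup table becomes a writable symbol with external linkage, unlike `static const WELLKNOWNSID WellKnownSids[]` directly above it. CreateWellKnownSid builds SIDs for accounts such as the domain administrator from these RIDs, so the table is better kept read-only and file-local: `static const WELLKNOWNRID WellKnownRids[] = {`. The struct tag `WELLKOWNRID` and the comment's `well-kown` are also misspelled; the typedef name hides the tag typo, but it is cheapest to fix while the type is new.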
- if (DomainSid != NULL) {
- FIXME("Only local computer supported!\n");
- SetLastError(ERROR_INVALID_PARAMETER); /* FIXME */
- return FALSE;
- }
-
- if (cbSid == NULL || pSid == NULL) {
+ if (cbSid == NULL || pSid == NULL || (DomainSid && !IsValidSid(DomainSid))) {
 SetLastError(ERROR_INVALID_PARAMETER);
 return FALSE;
 }
@@ -810,6 +829,30 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
 }
 }
+ if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
+ {
+ SetLastError(ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
+ for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
+ if (WellKnownRids[i].Type == WellKnownSidType) {
+ UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
+ DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
+ DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
+
+ if (*cbSid < output_sid_length) {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ return FALSE;
+ }
+
+ CopyMemory(pSid, DomainSid, domain_sid_length);
+ (*GetSidSubAuthorityCount(pSid))++;
+ (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
+ *cbSid = output_sid_length;
+ return TRUE;
+ }
+
 SetLastError(ERROR_INVALID_PARAMETER);
 return FALSE;
 }
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 40b3f12..9cf409e 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1128,7 +1128,7 @@ static void test_CreateWellKnownSid()
 LPSTR str;
 DWORD cb;
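Review bot: The added lookup in CreateWellKnownSid accepts any `DomainSid` that passes `IsValidSid()` and has room for one more sub-authority, and nothing checks that it is actually a domain identifier. A well-known SID passed as the domain would therefore get a RID appended and be returned as a valid account SID. Whether Windows rejects that input is not visible here, so until it is tested the gap should at least be recorded next to the guard, e.g. `/* FIXME: DomainSid is not checked to be a domain SID; any valid SID is accepted */`. The `SID_MAX_SUB_AUTHORITIES` test is what keeps the later count increment and RID store inside the SID, which also merits a short comment. The function body starts outside this hunk, so whether the `ERROR_INSUFFICIENT_BUFFER` branch should also report `output_sid_length` through `*cbSid` depends on what the absolute-SID loop above does.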
- if (value->sid_string == NULL || !value->without_domain)
+ if (value->sid_string == NULL)
 continue;
if (i >= WinBuiltinTerminalServerLicenseServersSid + 1)
@@ -1150,6 +1150,15 @@ static void test_CreateWellKnownSid()
 ok(strcmp(str, value->sid_string) == 0, "SID mismatch - expected %s, got %s\n", value->sid_string, str);
 LocalFree(str);
+
+ if (value->without_domain)
+ {
+ char buf2[SECURITY_MAX_SID_SIZE];
+ cb = sizeof(buf2);
+ ok(CreateWellKnownSid(i, domainsid, buf2, &cb), "Couldn't create well known sid %d with optional domain\n", i);
+ expect_eq(GetSidLengthRequired(*GetSidSubAuthorityCount(sid_buffer)), cb, DWORD, "%d");
+ ok(memcmp(buf2, sid_buffer, cb) == 0, "SID create with domain is different than without (%d)\n", i);
+ }
 }
 }
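Review bot: The new `without_domain` block in the last hunk only checks that absolute well-known SIDs come out unchanged when a domain is supplied; none of the rejection paths this commit adds to CreateWellKnownSid is exercised in the hunks shown. A negative case such as `ok(!CreateWellKnownSid(WinAccountAdministratorSid, NULL, buf2, &cb), "domain-relative SID created without a domain\n");` would pin the NULL-domain path. Similar checks are worth adding for a `DomainSid` that already has `SID_MAX_SUB_AUTHORITIES` sub-authorities and for a `cb` that is too small. Separately, if the call with `domainsid` fails, `memcmp` still reads `buf2` uninitialised, so the length and content checks are better run only on success. The body of test_CreateWellKnownSid starts outside this hunk, so part of this may already be covered there.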