From: Paul Gofman pgofman@codeweavers.com
---
 dlls/ntdll/sec.c | 36 ++++++++++++++++++++++++++++++++++--
 dlls/ntdll/tests/rtl.c | 3 ---
 2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/dlls/ntdll/sec.c b/dlls/ntdll/sec.c
index e847d05955c..c1b5664cee2 100644
--- a/dlls/ntdll/sec.c
+++ b/dlls/ntdll/sec.c
@@ -29,7 +29,10 @@
 #include "ntstatus.h"
 #define WIN32_NO_STATUS
 #include "windef.h"
+#include "winbase.h"
+#include "tomcrypt.h"
 #include "ntdll_misc.h"
+#include "ddk/ntddk.h"
 #include "wine/exception.h"
 #include "wine/debug.h"
@@ -1872,7 +1875,36 @@ NTSTATUS WINAPI RtlDefaultNpAcl(PACL *pAcl)
 */
 NTSTATUS WINAPI RtlDeriveCapabilitySidsFromName( UNICODE_STRING *cap_name, PSID cap_group_sid, PSID cap_sid )
 {
- FIXME( "cap_name %s, cap_group_sid %p, cap_sid %p.\n", debugstr_us(cap_name), cap_group_sid, cap_sid );
+ static const SID_IDENTIFIER_AUTHORITY app_authority = { SECURITY_APP_PACKAGE_AUTHORITY };
+ static const SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
+ UNICODE_STRING cap_upcase;
+ hash_state hash_ctx;
+ NTSTATUS status;
+ ULONG hash[8];
+ SID *sid;
+
+ TRACE( "cap_name %s, cap_group_sid %p, cap_sid %p.\n", debugstr_us(cap_name), cap_group_sid, cap_sid );
+
+ if ((status = RtlUpcaseUnicodeString( &cap_upcase, cap_name, TRUE ))) return status;
+ sha256_init( &hash_ctx );
+ sha256_process( &hash_ctx, (UCHAR *)cap_upcase.Buffer, cap_upcase.Length );
+ sha256_done( &hash_ctx, (UCHAR *)hash );
+ RtlFreeUnicodeString( &cap_upcase );
+
+ sid = cap_sid;
+ sid->Revision = SID_REVISION;
+ sid->IdentifierAuthority = app_authority;
+ sid->SubAuthorityCount = 2 + ARRAY_SIZE(hash);
+ sid->SubAuthority[0] = SECURITY_BATCH_RID;
+ sid->SubAuthority[1] = SECURITY_CAPABILITY_APP_RID;
+ memcpy( sid->SubAuthority + 2, hash, sizeof(hash) );
+
+ sid = cap_group_sid;
+ sid->Revision = SID_REVISION;
+ sid->IdentifierAuthority = nt_authority;
+ sid->SubAuthorityCount = 1 + ARRAY_SIZE(hash);
+ sid->SubAuthority[0] = SECURITY_BUILTIN_DOMAIN_RID;
+ memcpy( sid->SubAuthority + 1, hash, sizeof(hash) );
- return STATUS_NOT_SUPPORTED;
+ return STATUS_SUCCESS;
 }
diff --git a/dlls/ntdll/tests/rtl.c b/dlls/ntdll/tests/rtl.c
index 65c1eeab4b5..e3f3efa5bfc 100644
--- a/dlls/ntdll/tests/rtl.c
+++ b/dlls/ntdll/tests/rtl.c
@@ -5426,8 +5426,6 @@ static void test_RtlDeriveCapabilitySidsFromName(void)
 memset( sid, 0, size );
 memset( group_sid, 0, size );
 RtlInitUnicodeString( &cap_name, tests[i].name );
- todo_wine
- {
 status = pRtlDeriveCapabilitySidsFromName( &cap_name, group_sid, sid );
 ok( !status, "got %#lx.\n", status );
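Review bot: In the dlls/ntdll/sec.c hunk, RtlDeriveCapabilitySidsFromName() writes a SID with 10 sub-authorities through cap_sid and one with 9 through cap_group_sid, yet nothing visible tells callers how large those buffers must be, and an undersized buffer becomes an out-of-bounds write. The prototype has no size argument, so the contract can only be documented; the function's header comment begins above the hunk, and I would add `cap_sid and cap_group_sid must each point to at least SECURITY_MAX_SID_SIZE bytes; both are written unconditionally.` there. Separately, `sid->SubAuthority[0] = SECURITY_BATCH_RID;` is correct only because that constant happens to be 3; the Windows SDK names the first sub-authority of a capability SID `SECURITY_CAPABILITY_BASE_RID`, and using that name (if Wine's headers define it) keeps a reader from taking this for a batch-logon RID. The return values of sha256_init/sha256_process/sha256_done are also discarded, which is presumably safe with these fixed arguments but deserves a short comment saying so.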
@@ -5443,7 +5441,6 @@ static void test_RtlDeriveCapabilitySidsFromName(void)
 ok( group_sid->SubAuthorityCount == 9, "got %u.\n", group_sid->SubAuthorityCount );
 ok ( group_sid->SubAuthority[0] == SECURITY_BUILTIN_DOMAIN_RID, "got %lu.\n", group_sid->SubAuthority[0] );
 ok( !memcmp( group_sid->SubAuthority + 1, tests[i].hash, sizeof(tests[i].hash) ), "mismatch.\n" );
- }
 winetest_pop_context();
 }