advapi32: add some more well known sid support with tests

Sat Aug 5 15:39:43 CDT 2006

-------------- next part --------------
diff -p -u -r1.143 security.c

--- dlls/advapi32/security.c	4 Aug 2006 11:30:50 -0000	1.143
+++ dlls/advapi32/security.c	5 Aug 2006 20:36:57 -0000
@@ -1,6 +1,7 @@
 /*
  * Copyright 1999, 2000 Juergen Schmied <juergen.schmied at debitel.net>
  * Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
+ * Copyright 2006 Robert Reif
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -135,14 +136,22 @@ static const WCHAR Backup_Operators[] = 
 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
 static const WCHAR Blank[] = { 0 };
 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
+static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
+static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
+static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
+static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
+static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
+static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
+static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
+static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
@@ -155,12 +164,15 @@ static const WCHAR NT_AUTHORITY[] = { 'N
 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
+static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
+static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
+static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
 static const WCHAR SELF[] = { 'S','E','L','F',0 };
 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
@@ -203,6 +215,7 @@ static const AccountSid ACCOUNT_SIDS[] =
     { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
     { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
     { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
+    { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
     { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
     { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
 };
@@ -1886,8 +1899,6 @@ LookupAccountSidW(
 
     if (dm == NULL) {
         MAX_SID local;
-        MAX_SID admin;
-        MAX_SID guest;
 
         /* check for the local computer next */
         if (ADVAPI_GetComputerSid(&local)) {
@@ -1898,25 +1909,58 @@ LookupAccountSidW(
             result = GetComputerNameW(computer_name,  &size);
 
             if (result) {
-                CopySid(GetSidLengthRequired(local.SubAuthorityCount), &admin, &local);
-                admin.SubAuthorityCount++;
-                admin.SubAuthority[4] = DOMAIN_USER_RID_ADMIN;
-                CopySid(GetSidLengthRequired(local.SubAuthorityCount), &guest, &local);
-                guest.SubAuthorityCount++;
-                guest.SubAuthority[4] = DOMAIN_USER_RID_GUEST;
-
                 if (EqualSid(sid, &local)) {
                     dm = computer_name;
                     ac = Blank;
                     use = 3;
-                } else if (EqualSid(sid, &admin)) {
-                    dm = computer_name;
-                    ac = Administrator;
-                    use = 1;
-                } else if (EqualSid(sid, &guest)) {
-                    dm = computer_name;
-                    ac = Guest;
-                    use = 1;
+                } else {
+                    local.SubAuthorityCount++;
+
+                    if (EqualPrefixSid(sid, &local)) {
+                        dm = computer_name;
+                        use = 1;
+                        switch (((MAX_SID *)sid)->SubAuthority[4]) {
+                        case DOMAIN_USER_RID_ADMIN:
+                            ac = Administrator;
+                            break;
+                        case DOMAIN_USER_RID_GUEST:
+                            ac = Guest;
+                            break;
+                        case DOMAIN_GROUP_RID_ADMINS:
+                            ac = Domain_Admins;
+                            break;
+                        case DOMAIN_GROUP_RID_USERS:
+                            ac = Domain_Users;
+                            break;
+                        case DOMAIN_GROUP_RID_GUESTS:
+                            ac = Domain_Guests;
+                            break;
+                        case DOMAIN_GROUP_RID_COMPUTERS:
+                            ac = Domain_Computers;
+                            break;
+                        case DOMAIN_GROUP_RID_CONTROLLERS:
+                            ac = Domain_Controllers;
+                            break;
+                        case DOMAIN_GROUP_RID_CERT_ADMINS:
+                            ac = Cert_Publishers;
+                            break;
+                        case DOMAIN_GROUP_RID_SCHEMA_ADMINS:
+                            ac = Schema_Admins;
+                            break;
+                        case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS:
+                            ac = Enterprise_Admins;
+                            break;
+                        case DOMAIN_GROUP_RID_POLICY_ADMINS:
+                            ac = Group_Policy_Creator_Owners;
+                            break;
+                        case DOMAIN_ALIAS_RID_RAS_SERVERS:
+                            ac = RAS_and_IAS_Servers;
+                            break;
+                        default:
+                            dm = NULL;
+                            break;
+                        }
+                    }
                 }
             }
         }
diff -p -u -r1.35 security.c
--- dlls/advapi32/tests/security.c	4 Aug 2006 19:58:04 -0000	1.35
+++ dlls/advapi32/tests/security.c	5 Aug 2006 20:36:58 -0000
@@ -195,6 +195,7 @@ static void test_sid(void)
             LocalFree( psid );
     }
 
+    trace("String SIDs:\n");
     test_str_sid("AO");
     test_str_sid("RU");
     test_str_sid("AN");
@@ -846,6 +847,31 @@ static void test_token_attr(void)
     }
 }
 
+typedef union _MAX_SID
+{
+    SID sid;
+    char max[SECURITY_MAX_SID_SIZE];
+} MAX_SID;
+
+static void test_sid_str(PSID * sid)
+{
+    char *str_sid;
+    BOOL ret = pConvertSidToStringSidA(sid, &str_sid);
+    ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
+    if (ret)
+    {
+        char account[MAX_PATH], domain[MAX_PATH];
+        SID_NAME_USE use;
+        DWORD acc_size = MAX_PATH;
+        DWORD dom_size = MAX_PATH;
+        ret = LookupAccountSid(NULL, sid, account, &acc_size, domain, &dom_size, &use);
+        ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
+        if (ret)
+            trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
+        LocalFree(str_sid);
+    }
+}
+
 static void test_LookupAccountSid(void)
 {
     SID_IDENTIFIER_AUTHORITY SIDAuthNT = { SECURITY_NT_AUTHORITY };
@@ -855,11 +881,7 @@ static void test_LookupAccountSid(void)
     SID_NAME_USE use;
     BOOL ret;
     DWORD size;
-    union u
-    {
-        SID sid;
-        char max[SECURITY_MAX_SID_SIZE];
-    } max_sid;
+    MAX_SID  max_sid;
     char *str_sid;
     int i;
 
@@ -931,72 +953,35 @@ static void test_LookupAccountSid(void)
                     if (info->DomainSid)
                     {
                         int count = *GetSidSubAuthorityCount(info->DomainSid);
-                        int len = GetSidLengthRequired(count);
-
-                        CopySid(len, &max_sid, info->DomainSid);
-
-                        ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
-                        ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
-                        if (ret)
-                        {
-                            acc_size = MAX_PATH;
-                            dom_size = MAX_PATH;
-                            ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
-                            ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
-                            if (ret)
-                                trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
-                            LocalFree(str_sid);
-                        }
-
+                        CopySid(GetSidLengthRequired(count), &max_sid, info->DomainSid);
+                        test_sid_str((PSID)&max_sid.sid);
                         max_sid.sid.SubAuthority[count] = DOMAIN_USER_RID_ADMIN;
                         max_sid.sid.SubAuthorityCount = count + 1;
-
-                        ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
-                        ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
-                        if (ret)
-                        {
-                            acc_size = MAX_PATH;
-                            dom_size = MAX_PATH;
-                            ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
-                            ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
-                            if (ret)
-                                trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
-                            LocalFree(str_sid);
-                        }
-
+                        test_sid_str((PSID)&max_sid.sid);
                         max_sid.sid.SubAuthority[count] = DOMAIN_USER_RID_GUEST;
-                        max_sid.sid.SubAuthorityCount = count + 1;
-
-                        ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
-                        ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
-                        if (ret)
-                        {
-                            acc_size = MAX_PATH;
-                            dom_size = MAX_PATH;
-                            ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
-                            ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
-                            if (ret)
-                                trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
-                            LocalFree(str_sid);
-                        }
-
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_ADMINS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_USERS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_GUESTS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_COMPUTERS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_CONTROLLERS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_CERT_ADMINS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_SCHEMA_ADMINS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_ENTERPRISE_ADMINS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_POLICY_ADMINS;
+                        test_sid_str((PSID)&max_sid.sid);
+                        max_sid.sid.SubAuthority[count] = DOMAIN_ALIAS_RID_RAS_SERVERS;
+                        test_sid_str((PSID)&max_sid.sid);
                         max_sid.sid.SubAuthority[count] = 1000;
-                        max_sid.sid.SubAuthorityCount = count + 1;
-
-                        ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
-                        ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
-                        if (ret)
-                        {
-                            acc_size = MAX_PATH;
-                            dom_size = MAX_PATH;
-                            ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
-                            /* this can fail if no user accounts exist */
-                            if (ret)
-                                trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
-                            else
-                                trace("LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
-                            LocalFree(str_sid);
-                        }
+                        test_sid_str((PSID)&max_sid.sid);
                     }
 
                     pLsaFreeMemory((LPVOID)info);
