advapi32: add some more well known sid support with tests
Robert Reif
reif at earthlink.net
Sat Aug 5 15:39:43 CDT 2006
-------------- next part --------------
diff -p -u -r1.143 security.c
--- dlls/advapi32/security.c 4 Aug 2006 11:30:50 -0000 1.143
+++ dlls/advapi32/security.c 5 Aug 2006 20:36:57 -0000
@@ -1,6 +1,7 @@
/*
* Copyright 1999, 2000 Juergen Schmied <juergen.schmied at debitel.net>
* Copyright 2003 CodeWeavers Inc. (Ulrich Czekalla)
+ * Copyright 2006 Robert Reif
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -135,14 +136,22 @@ static const WCHAR Backup_Operators[] =
static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
static const WCHAR Blank[] = { 0 };
static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
+static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
+static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
+static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
+static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
+static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
+static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
+static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
+static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
@@ -155,12 +164,15 @@ static const WCHAR NT_AUTHORITY[] = { 'N
static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
+static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
+static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
+static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
static const WCHAR SELF[] = { 'S','E','L','F',0 };
static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
@@ -203,6 +215,7 @@ static const AccountSid ACCOUNT_SIDS[] =
{ WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
{ WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
{ WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
+ { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
{ WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
{ WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
};
@@ -1886,8 +1899,6 @@ LookupAccountSidW(
if (dm == NULL) {
MAX_SID local;
- MAX_SID admin;
- MAX_SID guest;
/* check for the local computer next */
if (ADVAPI_GetComputerSid(&local)) {
@@ -1898,25 +1909,58 @@ LookupAccountSidW(
result = GetComputerNameW(computer_name, &size);
if (result) {
- CopySid(GetSidLengthRequired(local.SubAuthorityCount), &admin, &local);
- admin.SubAuthorityCount++;
- admin.SubAuthority[4] = DOMAIN_USER_RID_ADMIN;
- CopySid(GetSidLengthRequired(local.SubAuthorityCount), &guest, &local);
- guest.SubAuthorityCount++;
- guest.SubAuthority[4] = DOMAIN_USER_RID_GUEST;
-
if (EqualSid(sid, &local)) {
dm = computer_name;
ac = Blank;
use = 3;
- } else if (EqualSid(sid, &admin)) {
- dm = computer_name;
- ac = Administrator;
- use = 1;
- } else if (EqualSid(sid, &guest)) {
- dm = computer_name;
- ac = Guest;
- use = 1;
+ } else {
+ local.SubAuthorityCount++;
+
+ if (EqualPrefixSid(sid, &local)) {
+ dm = computer_name;
+ use = 1;
+ switch (((MAX_SID *)sid)->SubAuthority[4]) {
+ case DOMAIN_USER_RID_ADMIN:
+ ac = Administrator;
+ break;
+ case DOMAIN_USER_RID_GUEST:
+ ac = Guest;
+ break;
+ case DOMAIN_GROUP_RID_ADMINS:
+ ac = Domain_Admins;
+ break;
+ case DOMAIN_GROUP_RID_USERS:
+ ac = Domain_Users;
+ break;
+ case DOMAIN_GROUP_RID_GUESTS:
+ ac = Domain_Guests;
+ break;
+ case DOMAIN_GROUP_RID_COMPUTERS:
+ ac = Domain_Computers;
+ break;
+ case DOMAIN_GROUP_RID_CONTROLLERS:
+ ac = Domain_Controllers;
+ break;
+ case DOMAIN_GROUP_RID_CERT_ADMINS:
+ ac = Cert_Publishers;
+ break;
+ case DOMAIN_GROUP_RID_SCHEMA_ADMINS:
+ ac = Schema_Admins;
+ break;
+ case DOMAIN_GROUP_RID_ENTERPRISE_ADMINS:
+ ac = Enterprise_Admins;
+ break;
+ case DOMAIN_GROUP_RID_POLICY_ADMINS:
+ ac = Group_Policy_Creator_Owners;
+ break;
+ case DOMAIN_ALIAS_RID_RAS_SERVERS:
+ ac = RAS_and_IAS_Servers;
+ break;
+ default:
+ dm = NULL;
+ break;
+ }
+ }
}
}
}
diff -p -u -r1.35 security.c
--- dlls/advapi32/tests/security.c 4 Aug 2006 19:58:04 -0000 1.35
+++ dlls/advapi32/tests/security.c 5 Aug 2006 20:36:58 -0000
@@ -195,6 +195,7 @@ static void test_sid(void)
LocalFree( psid );
}
+ trace("String SIDs:\n");
test_str_sid("AO");
test_str_sid("RU");
test_str_sid("AN");
@@ -846,6 +847,31 @@ static void test_token_attr(void)
}
}
+typedef union _MAX_SID
+{
+ SID sid;
+ char max[SECURITY_MAX_SID_SIZE];
+} MAX_SID;
+
+static void test_sid_str(PSID * sid)
+{
+ char *str_sid;
+ BOOL ret = pConvertSidToStringSidA(sid, &str_sid);
+ ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
+ if (ret)
+ {
+ char account[MAX_PATH], domain[MAX_PATH];
+ SID_NAME_USE use;
+ DWORD acc_size = MAX_PATH;
+ DWORD dom_size = MAX_PATH;
+ ret = LookupAccountSid(NULL, sid, account, &acc_size, domain, &dom_size, &use);
+ ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
+ if (ret)
+ trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
+ LocalFree(str_sid);
+ }
+}
+
static void test_LookupAccountSid(void)
{
SID_IDENTIFIER_AUTHORITY SIDAuthNT = { SECURITY_NT_AUTHORITY };
@@ -855,11 +881,7 @@ static void test_LookupAccountSid(void)
SID_NAME_USE use;
BOOL ret;
DWORD size;
- union u
- {
- SID sid;
- char max[SECURITY_MAX_SID_SIZE];
- } max_sid;
+ MAX_SID max_sid;
char *str_sid;
int i;
@@ -931,72 +953,35 @@ static void test_LookupAccountSid(void)
if (info->DomainSid)
{
int count = *GetSidSubAuthorityCount(info->DomainSid);
- int len = GetSidLengthRequired(count);
-
- CopySid(len, &max_sid, info->DomainSid);
-
- ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
- ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
- if (ret)
- {
- acc_size = MAX_PATH;
- dom_size = MAX_PATH;
- ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
- ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
- if (ret)
- trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
- LocalFree(str_sid);
- }
-
+ CopySid(GetSidLengthRequired(count), &max_sid, info->DomainSid);
+ test_sid_str((PSID)&max_sid.sid);
max_sid.sid.SubAuthority[count] = DOMAIN_USER_RID_ADMIN;
max_sid.sid.SubAuthorityCount = count + 1;
-
- ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
- ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
- if (ret)
- {
- acc_size = MAX_PATH;
- dom_size = MAX_PATH;
- ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
- ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
- if (ret)
- trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
- LocalFree(str_sid);
- }
-
+ test_sid_str((PSID)&max_sid.sid);
max_sid.sid.SubAuthority[count] = DOMAIN_USER_RID_GUEST;
- max_sid.sid.SubAuthorityCount = count + 1;
-
- ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
- ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
- if (ret)
- {
- acc_size = MAX_PATH;
- dom_size = MAX_PATH;
- ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
- ok(ret, "LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
- if (ret)
- trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
- LocalFree(str_sid);
- }
-
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_ADMINS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_USERS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_GUESTS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_COMPUTERS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_CONTROLLERS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_CERT_ADMINS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_SCHEMA_ADMINS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_ENTERPRISE_ADMINS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_GROUP_RID_POLICY_ADMINS;
+ test_sid_str((PSID)&max_sid.sid);
+ max_sid.sid.SubAuthority[count] = DOMAIN_ALIAS_RID_RAS_SERVERS;
+ test_sid_str((PSID)&max_sid.sid);
max_sid.sid.SubAuthority[count] = 1000;
- max_sid.sid.SubAuthorityCount = count + 1;
-
- ret = pConvertSidToStringSidA(&max_sid.sid, &str_sid);
- ok(ret, "ConvertSidToStringSidA() failed: %ld\n", GetLastError());
- if (ret)
- {
- acc_size = MAX_PATH;
- dom_size = MAX_PATH;
- ret = LookupAccountSid(NULL, &max_sid.sid, account, &acc_size, domain, &dom_size, &use);
- /* this can fail if no user accounts exist */
- if (ret)
- trace(" %s %s\\%s %d\n", str_sid, domain, account, use);
- else
- trace("LookupAccountSid(%s) failed: %ld\n", str_sid, GetLastError());
- LocalFree(str_sid);
- }
+ test_sid_str((PSID)&max_sid.sid);
}
pLsaFreeMemory((LPVOID)info);
More information about the wine-patches
mailing list