[PATCH] advapi32: make CreateWellKnownSid create domain sids (with test)
Mikołaj Zalewski
mikolaj at zalewski.pl
Sun Oct 21 04:01:56 CDT 2007
---
dlls/advapi32/security.c | 57 +++++++++++++++++++++++++++++++++++-----
dlls/advapi32/tests/security.c | 11 +++++++-
2 files changed, 60 insertions(+), 8 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 5d33fd2..6d705f6 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -122,12 +122,37 @@ static const WELLKNOWNSID WellKnownSids[] =
{ {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
{ {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
{ {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
+ { {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
{ {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
{ {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
{ {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
{ {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
};
+/* these SIDs must be constructed as relative to some domain - only the RID is well-kown */
+typedef struct WELLKOWNRID
+{
+ WELL_KNOWN_SID_TYPE Type;
+ DWORD Rid;
+} WELLKNOWNRID;
+
+WELLKNOWNRID WellKnownRids[] = {
+ { WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
+ { WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
+ { WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
+ { WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
+ { WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
+ { WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
+ { WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
+ { WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
+ { WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
+ { WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
+ { WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
+ { WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
+ { WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
+};
+
+
static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
typedef struct _AccountSid {
@@ -784,13 +809,7 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
unsigned int i;
TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
- if (DomainSid != NULL) {
- FIXME("Only local computer supported!\n");
- SetLastError(ERROR_INVALID_PARAMETER); /* FIXME */
- return FALSE;
- }
-
- if (cbSid == NULL || pSid == NULL) {
+ if (cbSid == NULL || pSid == NULL || (DomainSid && !IsValidSid(DomainSid))) {
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
@@ -810,6 +829,30 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
}
}
+ if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
+ {
+ SetLastError(ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
+ for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
+ if (WellKnownRids[i].Type == WellKnownSidType) {
+ UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
+ DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
+ DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
+
+ if (*cbSid < output_sid_length) {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ return FALSE;
+ }
+
+ CopyMemory(pSid, DomainSid, domain_sid_length);
+ (*GetSidSubAuthorityCount(pSid))++;
+ (*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
+ *cbSid = output_sid_length;
+ return TRUE;
+ }
+
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 326bd01..de56398 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1128,7 +1128,7 @@ static void test_CreateWellKnownSid()
LPSTR str;
DWORD cb;
- if (value->sid_string == NULL || !value->without_domain)
+ if (value->sid_string == NULL)
continue;
if (i >= WinBuiltinTerminalServerLicenseServersSid + 1)
@@ -1150,6 +1150,15 @@ static void test_CreateWellKnownSid()
ok(strcmp(str, value->sid_string) == 0, "SID mismatch - expected %s, got %s\n",
value->sid_string, str);
LocalFree(str);
+
+ if (value->without_domain)
+ {
+ char buf2[SECURITY_MAX_SID_SIZE];
+ cb = sizeof(buf2);
+ ok(CreateWellKnownSid(i, domainsid, buf2, &cb), "Couldn't create well known sid %d with optional domain\n", i);
+ expect_eq(GetSidLengthRequired(*GetSidSubAuthorityCount(sid_buffer)), cb, DWORD, "%d");
+ ok(memcmp(buf2, sid_buffer, cb) == 0, "SID create with domain is different than without (%d)\n", i);
+ }
}
}
--
1.4.4.2
--------------020102000208020701030909--
More information about the wine-patches
mailing list