advapi32-GetWindowsAccountDomainSid: Split patch and avoid test failures by using aligned memory block.

2024-09-13 09:17:20 -07:00 · 2015-06-22 03:29:51 +02:00 · 2015-06-22 03:29:51 +02:00 · 094635f160
commit 094635f160
parent 5f9893a79d
5 changed files with 285 additions and 221 deletions
--- a/patches/advapi32-GetWindowsAccountDomainSid/0001-advapi32-Implement-GetWindowsAccountDomainSid.patch
+++ b/patches/advapi32-GetWindowsAccountDomainSid/0001-advapi32-Implement-GetWindowsAccountDomainSid.patch
@ -1,219 +0,0 @@
-From 7d4405515ebce08332ad3502f125a9a41131aeaa Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
-Date: Sat, 13 Jun 2015 20:45:09 +0200
-Subject: advapi32: Implement GetWindowsAccountDomainSid.
-
---
- dlls/advapi32/advapi32.spec                        |  2 +-
- dlls/advapi32/security.c                           | 45 +++++++++++++
- dlls/advapi32/tests/security.c                     | 78 ++++++++++++++++++++++
- .../api-ms-win-security-base-l1-1-0.spec           |  2 +-
- .../api-ms-win-security-base-l1-2-0.spec           |  2 +-
- 5 files changed, 126 insertions(+), 3 deletions(-)
-
-diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
-index 4600142..ec27440 100644
--- a/dlls/advapi32/advapi32.spec
-+++ b/dlls/advapi32/advapi32.spec
-@@ -363,7 +363,7 @@
- @ stdcall GetTrusteeTypeW(ptr) 
- @ stdcall GetUserNameA(ptr ptr)
- @ stdcall GetUserNameW(ptr ptr)
-# @ stub GetWindowsAccountDomainSid
-+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr)
- # @ stub I_QueryTagInformation
- # @ stub I_ScGetCurrentGroupStateW
- # @ stub I_ScIsSecurityProcess
-diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
-index 028dcc6..1aae1e0 100644
--- a/dlls/advapi32/security.c
-+++ b/dlls/advapi32/security.c
-@@ -1538,6 +1538,51 @@ BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescript
-         pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
- }
- 
-+/******************************************************************************
-+ * GetWindowsAccountDomainSid         [ADVAPI32.@]
-+ */
-+BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
-+{
-+    SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}};
-+    DWORD required_size;
-+    int i;
-+
-+    FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
-+
-+    if (!sid || !IsValidSid( sid ))
-+    {
-+        SetLastError( ERROR_INVALID_SID );
-+        return FALSE;
-+    }
-+
-+    if (!size)
-+    {
-+        SetLastError( ERROR_INVALID_PARAMETER );
-+        return FALSE;
-+    }
-+
-+    if (*GetSidSubAuthorityCount( sid ) < 4)
-+    {
-+        SetLastError( ERROR_INVALID_SID );
-+        return FALSE;
-+    }
-+
-+    required_size = GetSidLengthRequired( 4 );
-+    if (*size < required_size || !domain_sid)
-+    {
-+        *size = required_size;
-+        SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER );
-+        return FALSE;
-+    }
-+
-+    InitializeSid( domain_sid, &domain_ident, 4 );
-+    for (i = 0; i < 4; i++)
-+        *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
-+
-+    *size = required_size;
-+    return TRUE;
-+}
-+
- /*	##############################
- 	######	ACL FUNCTIONS	######
- 	##############################
-diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
-index f141b3e..2023390 100644
--- a/dlls/advapi32/tests/security.c
-+++ b/dlls/advapi32/tests/security.c
-@@ -129,6 +129,7 @@ static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECU
- static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
- static BOOL     (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
- static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
-+static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
- 
- static HMODULE hmod;
- static int     myARGC;
-@@ -190,6 +191,7 @@ static void init(void)
-     pConvertStringSidToSidA = (void *)GetProcAddress(hmod, "ConvertStringSidToSidA");
-     pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation");
-     pGetAce = (void *)GetProcAddress(hmod, "GetAce");
-+    pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
- 
-     myARGC = winetest_get_mainargs( &myARGV );
- }
-@@ -5921,6 +5923,81 @@ static void test_system_security_access(void)
-     CloseHandle( token );
- }
- 
-+static void test_GetWindowsAccountDomainSid (void)
-+{
-+    char b[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
-+    char buffer1[SECURITY_MAX_SID_SIZE], buffer2[SECURITY_MAX_SID_SIZE];
-+    SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}};
-+    PSID domain_sid = (PSID *)&buffer1;
-+    PSID domain_sid2 = (PSID *)&buffer2;
-+    DWORD sid_size, l = sizeof(b);
-+    PSID user_sid;
-+    HANDLE token;
-+    BOOL ret = TRUE;
-+    int i;
-+
-+    if (!pGetWindowsAccountDomainSid)
-+    {
-+        win_skip("GetWindowsAccountDomainSid not available\n");
-+        return;
-+    }
-+
-+    if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
-+    {
-+        if (GetLastError() != ERROR_NO_TOKEN) ret = FALSE;
-+        else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) ret = FALSE;
-+    }
-+    if (!ret)
-+    {
-+        win_skip("Failed to get current user token\n");
-+        return;
-+    }
-+
-+    GetTokenInformation(token, TokenUser, b, l, &l);
-+    user_sid = ((TOKEN_USER *)b)->User.Sid;
-+    CloseHandle(token);
-+
-+    SetLastError(0xdeadbeef);
-+    ret = pGetWindowsAccountDomainSid(0, 0, 0);
-+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
-+    ok(GetLastError() == ERROR_INVALID_SID, "expected ERROR_INVALID_SID, got %d\n", GetLastError());
-+
-+    SetLastError(0xdeadbeef);
-+    ret = pGetWindowsAccountDomainSid(user_sid, 0, 0);
-+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
-+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
-+
-+    sid_size = SECURITY_MAX_SID_SIZE;
-+    SetLastError(0xdeadbeef);
-+    ret = pGetWindowsAccountDomainSid(user_sid, 0, &sid_size);
-+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
-+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
-+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
-+
-+    SetLastError(0xdeadbeef);
-+    ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, 0);
-+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
-+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
-+
-+    sid_size = 1;
-+    SetLastError(0xdeadbeef);
-+    ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
-+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
-+    ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
-+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
-+
-+    SetLastError(0xdeadbeef);
-+    sid_size = SECURITY_MAX_SID_SIZE;
-+    ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
-+    ok(ret, "GetWindowsAccountDomainSid failed with error %d\n", GetLastError());
-+    todo_wine ok(GetLastError() == 0xdeadbeef, "last error should not change\n");
-+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
-+    InitializeSid(domain_sid2, &domain_ident, 4);
-+    for (i = 0; i < 4; i++)
-+        *GetSidSubAuthority(domain_sid2, i) = *GetSidSubAuthority(user_sid, i);
-+    ok(EqualSid(domain_sid, domain_sid2), "unexpected domain sid\n");
-+}
-+
- START_TEST(security)
- {
-     init();
-@@ -5964,4 +6041,5 @@ START_TEST(security)
-     test_AdjustTokenPrivileges();
-     test_AddAce();
-     test_system_security_access();
-+    test_GetWindowsAccountDomainSid();
- }
-diff --git a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
-index 4277706..edae6d1 100644
--- a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
-+++ b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
-@@ -57,7 +57,7 @@
- @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
- @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
- @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
-@ stub GetWindowsAccountDomainSid
-+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
- @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
- @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
- @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf
-diff --git a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
-index 3adef23..e19fe53 100644
--- a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
-+++ b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
-@@ -63,7 +63,7 @@
- @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
- @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
- @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
-@ stub GetWindowsAccountDomainSid
-+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
- @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
- @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
- @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf
-- 
-2.4.3
-
--- a/patches/advapi32-GetWindowsAccountDomainSid/0001-advapi32-tests-Explicitly-check-return-value-of-GetT.patch
+++ b/patches/advapi32-GetWindowsAccountDomainSid/0001-advapi32-tests-Explicitly-check-return-value-of-GetT.patch
@ -0,0 +1,26 @@
+From 57b1a192499c100392b5102872f685104951300a Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Mon, 22 Jun 2015 03:02:52 +0200
+Subject: advapi32/tests: Explicitly check return value of GetTokenInformation.
+
+---
+ dlls/advapi32/tests/security.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index f141b3e..0cb4d7f 100644
+--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
+@@ -4290,7 +4290,8 @@ static void test_GetSecurityInfo(void)
+         win_skip("Failed to get current user token\n");
+         return;
+     }
+-    GetTokenInformation(token, TokenUser, b, l, &l);
+    bret = GetTokenInformation(token, TokenUser, b, l, &l);
+    ok(bret, "GetTokenInformation(TokenUser) failed with error %d\n", GetLastError());
+     CloseHandle( token );
+     user_sid = ((TOKEN_USER *)b)->User.Sid;
+ 
+-- 
+2.4.3
+
--- a/patches/advapi32-GetWindowsAccountDomainSid/0002-advapi32-tests-Add-tests-for-GetWindowsAccountDomain.patch
+++ b/patches/advapi32-GetWindowsAccountDomainSid/0002-advapi32-tests-Add-tests-for-GetWindowsAccountDomain.patch
@ -0,0 +1,128 @@
+From d43d3c07cbe0b1d00e99b8f19b69e44036345bd3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 22 Jun 2015 03:13:27 +0200
+Subject: advapi32/tests: Add tests for GetWindowsAccountDomainSid.
+
+---
+ dlls/advapi32/tests/security.c | 84 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 84 insertions(+)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 0cb4d7f..6e37237 100644
+--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
+@@ -129,6 +129,7 @@ static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECU
+ static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
+ static BOOL     (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
+ static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
+static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
+ 
+ static HMODULE hmod;
+ static int     myARGC;
+@@ -190,6 +191,7 @@ static void init(void)
+     pConvertStringSidToSidA = (void *)GetProcAddress(hmod, "ConvertStringSidToSidA");
+     pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation");
+     pGetAce = (void *)GetProcAddress(hmod, "GetAce");
+    pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
+ 
+     myARGC = winetest_get_mainargs( &myARGV );
+ }
+@@ -5922,6 +5924,87 @@ static void test_system_security_access(void)
+     CloseHandle( token );
+ }
+ 
+static void test_GetWindowsAccountDomainSid(void)
+{
+    char *user, buffer1[SECURITY_MAX_SID_SIZE], buffer2[SECURITY_MAX_SID_SIZE];
+    SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}};
+    PSID domain_sid = (PSID *)&buffer1;
+    PSID domain_sid2 = (PSID *)&buffer2;
+    DWORD sid_size;
+    PSID user_sid;
+    HANDLE token;
+    BOOL bret = TRUE;
+    int i;
+
+    if (!pGetWindowsAccountDomainSid)
+    {
+        skip("GetWindowsAccountDomainSid not available\n");
+        return;
+    }
+
+    if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
+    {
+        if (GetLastError() != ERROR_NO_TOKEN) bret = FALSE;
+        else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) bret = FALSE;
+    }
+    if (!bret)
+    {
+        win_skip("Failed to get current user token\n");
+        return;
+    }
+
+    bret = GetTokenInformation(token, TokenUser, NULL, 0, &sid_size);
+    ok(!bret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
+        "GetTokenInformation(TokenUser) failed with error %d\n", GetLastError());
+    user = HeapAlloc(GetProcessHeap(), 0, sid_size);
+    bret = GetTokenInformation(token, TokenUser, user, sid_size, &sid_size);
+    ok(bret, "GetTokenInformation(TokenUser) failed with error %d\n", GetLastError());
+    CloseHandle(token);
+    user_sid = ((TOKEN_USER *)user)->User.Sid;
+
+    SetLastError(0xdeadbeef);
+    bret = pGetWindowsAccountDomainSid(0, 0, 0);
+    ok(!bret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_SID, "expected ERROR_INVALID_SID, got %d\n", GetLastError());
+
+    SetLastError(0xdeadbeef);
+    bret = pGetWindowsAccountDomainSid(user_sid, 0, 0);
+    ok(!bret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
+
+    sid_size = SECURITY_MAX_SID_SIZE;
+    SetLastError(0xdeadbeef);
+    bret = pGetWindowsAccountDomainSid(user_sid, 0, &sid_size);
+    ok(!bret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
+
+    SetLastError(0xdeadbeef);
+    bret = pGetWindowsAccountDomainSid(user_sid, domain_sid, 0);
+    ok(!bret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
+
+    sid_size = 1;
+    SetLastError(0xdeadbeef);
+    bret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
+    ok(!bret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
+
+    SetLastError(0xdeadbeef);
+    sid_size = SECURITY_MAX_SID_SIZE;
+    bret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
+    ok(bret, "GetWindowsAccountDomainSid failed with error %d\n", GetLastError());
+    todo_wine ok(GetLastError() == 0xdeadbeef, "last error should not change\n");
+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
+    InitializeSid(domain_sid2, &domain_ident, 4);
+    for (i = 0; i < 4; i++)
+        *GetSidSubAuthority(domain_sid2, i) = *GetSidSubAuthority(user_sid, i);
+    ok(EqualSid(domain_sid, domain_sid2), "unexpected domain sid\n");
+
+    HeapFree(GetProcessHeap(), 0, user);
+}
+
+ START_TEST(security)
+ {
+     init();
+@@ -5953,6 +6036,7 @@ START_TEST(security)
+     test_ConvertSecurityDescriptorToString();
+     test_PrivateObjectSecurity();
+     test_acls();
+    test_GetWindowsAccountDomainSid();
+     test_GetSecurityInfo();
+     test_GetSidSubAuthority();
+     test_CheckTokenMembership();
+-- 
+2.4.3
+
--- a/patches/advapi32-GetWindowsAccountDomainSid/0003-advapi32-Add-initial-implementation-for-GetWindowsAc.patch
+++ b/patches/advapi32-GetWindowsAccountDomainSid/0003-advapi32-Add-initial-implementation-for-GetWindowsAc.patch
@ -0,0 +1,125 @@
+From d77803caf6c07cccf8e21cf065b1cc1d4d328481 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20M=C3=BCller?= <michael@fds-team.de>
+Date: Mon, 22 Jun 2015 03:18:53 +0200
+Subject: advapi32: Add initial implementation for GetWindowsAccountDomainSid.
+
+---
+ dlls/advapi32/advapi32.spec                        |  2 +-
+ dlls/advapi32/security.c                           | 46 ++++++++++++++++++++++
+ dlls/advapi32/tests/security.c                     |  2 +-
+ .../api-ms-win-security-base-l1-1-0.spec           |  2 +-
+ .../api-ms-win-security-base-l1-2-0.spec           |  2 +-
+ 5 files changed, 50 insertions(+), 4 deletions(-)
+
+diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
+index 4600142..ec27440 100644
+--- a/dlls/advapi32/advapi32.spec
+++ b/dlls/advapi32/advapi32.spec
+@@ -363,7 +363,7 @@
+ @ stdcall GetTrusteeTypeW(ptr) 
+ @ stdcall GetUserNameA(ptr ptr)
+ @ stdcall GetUserNameW(ptr ptr)
+-# @ stub GetWindowsAccountDomainSid
+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr)
+ # @ stub I_QueryTagInformation
+ # @ stub I_ScGetCurrentGroupStateW
+ # @ stub I_ScIsSecurityProcess
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 028dcc6..07985d4 100644
+--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
+@@ -1538,6 +1538,52 @@ BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescript
+         pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
+ }
+ 
+/******************************************************************************
+ * GetWindowsAccountDomainSid         [ADVAPI32.@]
+ */
+BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
+{
+    SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}};
+    DWORD required_size;
+    int i;
+
+    FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
+
+    if (!sid || !IsValidSid( sid ))
+    {
+        SetLastError( ERROR_INVALID_SID );
+        return FALSE;
+    }
+
+    if (!size)
+    {
+        SetLastError( ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+
+    if (*GetSidSubAuthorityCount( sid ) < 4)
+    {
+        SetLastError( ERROR_INVALID_SID );
+        return FALSE;
+    }
+
+    required_size = GetSidLengthRequired( 4 );
+    if (*size < required_size || !domain_sid)
+    {
+        *size = required_size;
+        SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER :
+                                   ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+
+    InitializeSid( domain_sid, &domain_ident, 4 );
+    for (i = 0; i < 4; i++)
+        *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
+
+    *size = required_size;
+    return TRUE;
+}
+
+ /*	##############################
+ 	######	ACL FUNCTIONS	######
+ 	##############################
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 6e37237..93f18e5 100644
+--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
+@@ -5938,7 +5938,7 @@ static void test_GetWindowsAccountDomainSid(void)
+ 
+     if (!pGetWindowsAccountDomainSid)
+     {
+-        skip("GetWindowsAccountDomainSid not available\n");
+        win_skip("GetWindowsAccountDomainSid not available\n");
+         return;
+     }
+ 
+diff --git a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
+index 4277706..edae6d1 100644
+--- a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
+++ b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
+@@ -57,7 +57,7 @@
+ @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
+ @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
+ @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
+-@ stub GetWindowsAccountDomainSid
+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
+ @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
+ @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
+ @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf
+diff --git a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
+index 3adef23..e19fe53 100644
+--- a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
+++ b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
+@@ -63,7 +63,7 @@
+ @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
+ @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
+ @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
+-@ stub GetWindowsAccountDomainSid
+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
+ @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
+ @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
+ @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf
+-- 
+2.4.3
+
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@ -2035,9 +2035,13 @@ fi
 # | 	base-l1-2-0.spec
 # |
 if test "$enable_advapi32_GetWindowsAccountDomainSid" -eq 1; then
-	patch_apply advapi32-GetWindowsAccountDomainSid/0001-advapi32-Implement-GetWindowsAccountDomainSid.patch
+	patch_apply advapi32-GetWindowsAccountDomainSid/0001-advapi32-tests-Explicitly-check-return-value-of-GetT.patch
+	patch_apply advapi32-GetWindowsAccountDomainSid/0002-advapi32-tests-Add-tests-for-GetWindowsAccountDomain.patch
+	patch_apply advapi32-GetWindowsAccountDomainSid/0003-advapi32-Add-initial-implementation-for-GetWindowsAc.patch
 	(
-		echo '+    { "Michael Müller", "advapi32: Implement GetWindowsAccountDomainSid.", 1 },';
+		echo '+    { "Sebastian Lackner", "advapi32/tests: Explicitly check return value of GetTokenInformation.", 1 },';
+		echo '+    { "Michael Müller", "advapi32/tests: Add tests for GetWindowsAccountDomainSid.", 1 },';
+		echo '+    { "Michael Müller", "advapi32: Add initial implementation for GetWindowsAccountDomainSid.", 1 },';
 	) >> "$patchlist"
 fi