Added patch to fix various issues related to advapi32.LookupAccountSidA.

patches/advapi32-LsaLookupSids/0005-advapi32-tests-Test-prefix-and-use-of-TokenPrimaryGr.patch

@@ -0,0 +1,95 @@
+From f0290aad953e988b1a15e214ecfc57f21dc136af Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 28 Apr 2015 23:28:50 +0800
+Subject: advapi32/tests: Test prefix and use of TokenPrimaryGroup Sid.
+
+---
+ dlls/advapi32/tests/security.c | 35 ++++++++++++++++++++++++++++++-----
+ 1 file changed, 30 insertions(+), 5 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index f3fc682..6a716d6 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -2514,19 +2514,21 @@ static void test_granted_access(HANDLE handle, ACCESS_MASK access,
+ static void test_process_security(void)
+ {
+     BOOL res;
++    PTOKEN_USER user;
+     PTOKEN_OWNER owner;
+     PTOKEN_PRIMARY_GROUP group;
+-    PSID AdminSid = NULL, UsersSid = NULL;
++    PSID AdminSid = NULL, UsersSid = NULL, UserSid = NULL;
+     PACL Acl = NULL, ThreadAcl = NULL;
+     SECURITY_DESCRIPTOR *SecurityDescriptor = NULL, *ThreadSecurityDescriptor = NULL;
+-    char buffer[MAX_PATH];
++    char buffer[MAX_PATH], account[MAX_PATH], domain[MAX_PATH];
+     PROCESS_INFORMATION info;
+     STARTUPINFOA startup;
+     SECURITY_ATTRIBUTES psa, tsa;
+     HANDLE token, event;
+-    DWORD size;
++    DWORD size, acc_size, dom_size, ret;
+     SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
+     PSID EveryoneSid = NULL;
++    SID_NAME_USE use;
+ 
+     Acl = HeapAlloc(GetProcessHeap(), 0, 256);
+     res = InitializeAcl(Acl, 256, ACL_REVISION);
+@@ -2558,7 +2560,8 @@ static void test_process_security(void)
+     owner = HeapAlloc(GetProcessHeap(), 0, size);
+     res = GetTokenInformation( token, TokenOwner, owner, size, &size );
+     ok(res, "GetTokenInformation failed with error %d\n", GetLastError());
+-    AdminSid = ((TOKEN_OWNER*)owner)->Owner;
++    AdminSid = owner->Owner;
++    test_sid_str(AdminSid);
+ 
+     res = GetTokenInformation( token, TokenPrimaryGroup, NULL, 0, &size );
+     ok(!res, "Expected failure, got %d\n", res);
+@@ -2568,13 +2571,34 @@ static void test_process_security(void)
+     group = HeapAlloc(GetProcessHeap(), 0, size);
+     res = GetTokenInformation( token, TokenPrimaryGroup, group, size, &size );
+     ok(res, "GetTokenInformation failed with error %d\n", GetLastError());
+-    UsersSid = ((TOKEN_PRIMARY_GROUP*)group)->PrimaryGroup;
++    UsersSid = group->PrimaryGroup;
++    test_sid_str(UsersSid);
++
++    acc_size = sizeof(account);
++    dom_size = sizeof(domain);
++    ret = LookupAccountSidA( NULL, UsersSid, account, &acc_size, domain, &dom_size, &use );
++    ok(ret, "LookupAccountSid failed with %d\n", ret);
++    todo_wine ok(use == SidTypeGroup, "expect SidTypeGroup, got %d\n", use);
++    todo_wine ok(!strcmp(account, "None"), "expect None, got %s\n", account);
++
++    res = GetTokenInformation( token, TokenUser, NULL, 0, &size );
++    ok(!res, "Expected failure, got %d\n", res);
++    ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER,
++       "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
++
++    user = HeapAlloc(GetProcessHeap(), 0, size);
++    res = GetTokenInformation( token, TokenUser, user, size, &size );
++    ok(res, "GetTokenInformation failed with error %d\n", GetLastError());
++    UserSid = user->User.Sid;
++    test_sid_str(UserSid);
++    todo_wine ok(EqualPrefixSid(UsersSid, UserSid), "TokenPrimaryGroup Sid and TokenUser Sid don't match.\n");
+ 
+     CloseHandle( token );
+     if (!res)
+     {
+         HeapFree(GetProcessHeap(), 0, group);
+         HeapFree(GetProcessHeap(), 0, owner);
++        HeapFree(GetProcessHeap(), 0, user);
+         HeapFree(GetProcessHeap(), 0, Acl);
+         return;
+     }
+@@ -2681,6 +2705,7 @@ static void test_process_security(void)
+     CloseHandle( event );
+     HeapFree(GetProcessHeap(), 0, group);
+     HeapFree(GetProcessHeap(), 0, owner);
++    HeapFree(GetProcessHeap(), 0, user);
+     HeapFree(GetProcessHeap(), 0, Acl);
+     HeapFree(GetProcessHeap(), 0, SecurityDescriptor);
+     HeapFree(GetProcessHeap(), 0, ThreadAcl);
+-- 
+2.3.5
+

patches/advapi32-LsaLookupSids/0006-server-Create-primary-group-using-DOMAIN_GROUP_RID_U.patch

@@ -0,0 +1,38 @@
+From 5487b4720e24aaa7a10719fc36bc23c851a48a9b Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 28 Apr 2015 22:35:26 +0800
+Subject: server: Create primary group using DOMAIN_GROUP_RID_USERS.
+
+---
+ dlls/advapi32/tests/security.c | 2 +-
+ server/token.c                 | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 25b34ba4..573119f 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -2591,7 +2591,7 @@ static void test_process_security(void)
+     ok(res, "GetTokenInformation failed with error %d\n", GetLastError());
+     UserSid = user->User.Sid;
+     test_sid_str(UserSid);
+-    todo_wine ok(EqualPrefixSid(UsersSid, UserSid), "TokenPrimaryGroup Sid and TokenUser Sid don't match.\n");
++    ok(EqualPrefixSid(UsersSid, UserSid), "TokenPrimaryGroup Sid and TokenUser Sid don't match.\n");
+ 
+     CloseHandle( token );
+     if (!res)
+diff --git a/server/token.c b/server/token.c
+index e57cbc6..be8c53b 100644
+--- a/server/token.c
++++ b/server/token.c
+@@ -695,6 +695,7 @@ struct token *token_create_admin( void )
+             { security_local_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
+             { security_interactive_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
+             { security_authenticated_user_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
++            { security_domain_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
+             { alias_admins_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_OWNER },
+             { alias_users_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY },
+             { logon_sid, SE_GROUP_ENABLED|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_MANDATORY|SE_GROUP_LOGON_ID },
+-- 
+2.3.5
+

patches/advapi32-LsaLookupSids/0007-advapi32-Fix-name-and-use-of-DOMAIN_GROUP_RID_USERS.patch

@@ -0,0 +1,53 @@
+From 83517396c266c2de290670128d678770f5d79cc9 Mon Sep 17 00:00:00 2001
+From: Qian Hong <qhong@codeweavers.com>
+Date: Tue, 28 Apr 2015 23:00:08 +0800
+Subject: advapi32: Fix name and use of DOMAIN_GROUP_RID_USERS.
+
+---
+ dlls/advapi32/security.c       | 7 +++++--
+ dlls/advapi32/tests/security.c | 4 ++--
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index d27b2e7..2362dd5 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -191,7 +191,7 @@ static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','
+ static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
+ static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
+ static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
+-static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
++static const WCHAR None[] = { 'N','o','n','e',0 };
+ static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
+ static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
+ static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
+@@ -2206,7 +2206,10 @@ LookupAccountSidW(
+                             ac = Domain_Admins;
+                             break;
+                         case DOMAIN_GROUP_RID_USERS:
+-                            ac = Domain_Users;
++                            /* MSDN says the name of DOMAIN_GROUP_RID_USERS is Domain Users,
++                             * tests show that MSDN seems to be wrong. */
++                            ac = None;
++                            use = 2;
+                             break;
+                         case DOMAIN_GROUP_RID_GUESTS:
+                             ac = Domain_Guests;
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 573119f..490ce26 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -2578,8 +2578,8 @@ static void test_process_security(void)
+     dom_size = sizeof(domain);
+     ret = LookupAccountSidA( NULL, UsersSid, account, &acc_size, domain, &dom_size, &use );
+     ok(ret, "LookupAccountSid failed with %d\n", ret);
+-    todo_wine ok(use == SidTypeGroup, "expect SidTypeGroup, got %d\n", use);
+-    todo_wine ok(!strcmp(account, "None"), "expect None, got %s\n", account);
++    ok(use == SidTypeGroup, "expect SidTypeGroup, got %d\n", use);
++    ok(!strcmp(account, "None"), "expect None, got %s\n", account);
+ 
+     res = GetTokenInformation( token, TokenUser, NULL, 0, &size );
+     ok(!res, "Expected failure, got %d\n", res);
+-- 
+2.3.5
+

patches/advapi32-LsaLookupSids/definition

@@ -0,0 +1,2 @@
+Depends: server-Misc_ACL
+Depends: server-CreateProcess_ACLs