From 3aa965e97f46565261195735e4a5aae28ffcd0ac Mon Sep 17 00:00:00 2001
From: Sebastian Lackner
Date: Thu, 4 May 2017 21:27:41 +0200
Subject: [PATCH] Added patch to implement TokenLogonSid stub in NtQueryInformationToken.
---
 ...nSid-stub-in-NtQueryInformationToken.patch | 66 +++++++++++++++++++
 patches/ntdll-TokenLogonSid/definition | 1 +
 patches/patchinstall.sh | 16 +++++
 3 files changed, 83 insertions(+)
 create mode 100644 patches/ntdll-TokenLogonSid/0001-ntdll-TokenLogonSid-stub-in-NtQueryInformationToken.patch
 create mode 100644 patches/ntdll-TokenLogonSid/definition
diff --git a/patches/ntdll-TokenLogonSid/0001-ntdll-TokenLogonSid-stub-in-NtQueryInformationToken.patch b/patches/ntdll-TokenLogonSid/0001-ntdll-TokenLogonSid-stub-in-NtQueryInformationToken.patch
new file mode 100644
index 00000000..c2c5d7a2
--- /dev/null
+++ b/patches/ntdll-TokenLogonSid/0001-ntdll-TokenLogonSid-stub-in-NtQueryInformationToken.patch
@@ -0,0 +1,66 @@
+From 5e36c591d2d8a8c175afad91878909d11a92a00c Mon Sep 17 00:00:00 2001
+From: Andrew Wesie
+Date: Wed, 3 May 2017 14:59:38 -0500
+Subject: ntdll: TokenLogonSid stub in NtQueryInformationToken.
+
+Signed-off-by: Andrew Wesie
+---
+ dlls/ntdll/nt.c | 28 +++++++++++++++++++++++++++-
+ 1 file changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
+index a793b572211..b0473a5ffd9 100644
+--- a/dlls/ntdll/nt.c
++++ b/dlls/ntdll/nt.c
+@@ -271,6 +271,21 @@ NTSTATUS WINAPI NtQueryInformationToken(
+ ULONG tokeninfolength,
+ PULONG retlen )
+ {
++ static const struct
++ {
++ /* same fields as struct _SID */
++ BYTE Revision;
++ BYTE SubAuthorityCount;
++ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
++ DWORD SubAuthority[SECURITY_LOGON_IDS_RID_COUNT];
++ }
++ logon_sid =
++ {
++ SID_REVISION,
++ SECURITY_LOGON_IDS_RID_COUNT,
++ {SECURITY_NT_AUTHORITY},
++ {SECURITY_LOGON_IDS_RID, 0, 0}
++ };
+ static const ULONG info_len [] =
+ {
+ 0,
+@@ -301,7 +316,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
+ sizeof(TOKEN_MANDATORY_LABEL) + sizeof(SID), /* TokenIntegrityLevel [sizeof(SID) includes one SubAuthority] */
+ 0, /* TokenUIAccess */
+ 0, /* TokenMandatoryPolicy */
+- 0, /* TokenLogonSid */
++ sizeof(TOKEN_GROUPS) + sizeof(logon_sid), /* TokenLogonSid */
+ sizeof(DWORD), /* TokenIsAppContainer */
+ 0, /* TokenCapabilities */
+ sizeof(TOKEN_APPCONTAINER_INFORMATION) + sizeof(SID), /* TokenAppContainerSid */
+@@ -569,6 +584,17 @@ NTSTATUS WINAPI NtQueryInformationToken(
+ *(DWORD*)tokeninfo = 0;
+ break;
+ }
++ case TokenLogonSid:
++ {
++ TOKEN_GROUPS *groups = tokeninfo;
++ SID *sid = (SID *)(groups + 1);
++ FIXME("QueryInformationToken( ..., TokenLogonSid, ...) semi-stub\n");
++ groups->GroupCount = 1;
++ groups->Groups[0].Sid = sid;
++ groups->Groups[0].Attributes = 0;
++ memcpy(sid, &logon_sid, sizeof(logon_sid));
++ }
++ break;
+ default:
+ {
+ ERR("Unhandled Token Information class %d!\n", tokeninfoclass);
+--
+2.12.2
+
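Review bot: In the `case TokenLogonSid:` branch the result is the constant `logon_sid` (S-1-5-5-0-0) with `Attributes = 0`, so every token reports the same logon SID and a caller that identifies the logon-session group by its flag will not find it. Windows normally marks this entry as a logon ID, so I would write `groups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;`. Above the static struct I would add `/* placeholder logon SID: identical for every token, so a DACL keyed on it does not separate logon sessions */`. The writes through `tokeninfo` rely on the buffer-length check against `info_len[]`, which lies outside these hunks together with the start and end of NtQueryInformationToken; the new `sizeof(TOKEN_GROUPS) + sizeof(logon_sid)` entry appears to match `groups + 1` plus the memcpy, but confirm that check runs before the switch.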
diff --git a/patches/ntdll-TokenLogonSid/definition b/patches/ntdll-TokenLogonSid/definition
new file mode 100644
index 00000000..aa52b20e
--- /dev/null
+++ b/patches/ntdll-TokenLogonSid/definition
@@ -0,0 +1 @@
+Fixes: Implement TokenLogonSid stub in NtQueryInformationToken
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index d91089e2..7a236c28 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -267,6 +267,7 @@ patch_enable_all ()
 enable_ntdll_SystemRoot_Symlink="$1"
 enable_ntdll_ThreadTime="$1"
 enable_ntdll_Threading="$1"
+ enable_ntdll_TokenLogonSid="$1"
 enable_ntdll_User_Shared_Data="$1"
 enable_ntdll_WRITECOPY="$1"
 enable_ntdll_Wait_User_APC="$1"
@@ -1028,6 +1029,9 @@ patch_enable ()
 ntdll-Threading)
 enable_ntdll_Threading="$2"
 ;;
+ ntdll-TokenLogonSid)
+ enable_ntdll_TokenLogonSid="$2"
+ ;;
 ntdll-User_Shared_Data)
 enable_ntdll_User_Shared_Data="$2"
 ;;
@@ -5893,6 +5897,18 @@ if test "$enable_ntdll_Threading" -eq 1; then
 ) >> "$patchlist"
 fi
 
+# Patchset ntdll-TokenLogonSid
+# |
+# | Modified files:
+# | * dlls/ntdll/nt.c
+# |
+if test "$enable_ntdll_TokenLogonSid" -eq 1; then
+ patch_apply ntdll-TokenLogonSid/0001-ntdll-TokenLogonSid-stub-in-NtQueryInformationToken.patch
+ (
+ printf '%s\n' '+ { "Andrew Wesie", "ntdll: TokenLogonSid stub in NtQueryInformationToken.", 1 },';
+ ) >> "$patchlist"
+fi
+
 # Patchset ntdll-User_Shared_Data
 # |
 # | Modified files: