From e4679ff7ce95ec8185b4d7245440d4c9b31a58d9 Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Mon, 19 Dec 2016 23:32:43 +0100
Subject: [PATCH] Added patch to assigns the AC abbreviation to
 WinBuiltinAnyPackageSid.

---
 ...signs-the-AC-abbreviation-to-WinBuil.patch |  26 ++
 ...dd-a-test-that-compares-a-well-known.patch | 227 ++++++++++++++++++
 .../definition                                |   1 +
 patches/patchinstall.sh                       |  21 ++
 4 files changed, 275 insertions(+)
 create mode 100644 patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch
 create mode 100644 patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch
 create mode 100644 patches/advapi32-WinBuiltinAnyPackageSid/definition

diff --git a/patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch b/patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch
new file mode 100644
index 00000000..da91c7ff
--- /dev/null
+++ b/patches/advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch
@@ -0,0 +1,26 @@
+From e71a9b9a10c2de28a617f9490c3d135b1e12adf1 Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov <dmitry@baikal.ru>
+Date: Fri, 16 Dec 2016 13:20:32 +0800
+Subject: advapi32: SDDL assigns the "AC" abbreviation to
+ WinBuiltinAnyPackageSid.
+
+---
+ dlls/advapi32/security.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
+index 28331df..3b585aa 100644
+--- a/dlls/advapi32/security.c
++++ b/dlls/advapi32/security.c
+@@ -135,7 +135,7 @@ static const WELLKNOWNSID WellKnownSids[] =
+     { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } },
+     { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } },
+     { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } },
+-    { {0,0}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
++    { {'A','C'}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } },
+ };
+ 
+ /* these SIDs must be constructed as relative to some domain - only the RID is well-known */
+-- 
+2.9.0
+
diff --git a/patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch b/patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch
new file mode 100644
index 00000000..18fd5b1d
--- /dev/null
+++ b/patches/advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch
@@ -0,0 +1,227 @@
+From 13a60cc5ea59cc2f18ac19888fe51628f9f0774a Mon Sep 17 00:00:00 2001
+From: Dmitry Timoshkov <dmitry@baikal.ru>
+Date: Fri, 16 Dec 2016 13:23:15 +0800
+Subject: advapi32/tests: Add a test that compares a well-known SID to a SID
+ created from a SDDL abbreviation.
+
+---
+ dlls/advapi32/tests/security.c | 130 +++++++++++++++++++++++++++++------------
+ 1 file changed, 92 insertions(+), 38 deletions(-)
+
+diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
+index 18f4e04..4e1f53b 100644
+--- a/dlls/advapi32/tests/security.c
++++ b/dlls/advapi32/tests/security.c
+@@ -2,7 +2,7 @@
+  * Unit tests for security functions
+  *
+  * Copyright (c) 2004 Mike McCormack
+- * Copyright (c) 2011 Dmitry Timoshkov
++ * Copyright (c) 2011,2013,2014,2016 Dmitry Timoshkov
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -138,14 +138,6 @@ static HMODULE hmod;
+ static int     myARGC;
+ static char**  myARGV;
+ 
+-struct strsid_entry
+-{
+-    const char *str;
+-    DWORD flags;
+-};
+-#define STRSID_OK     0
+-#define STRSID_OPT    1
+-
+ #define SID_SLOTS 4
+ static char debugsid_str[SID_SLOTS][256];
+ static int debugsid_index = 0;
+@@ -175,12 +167,6 @@ static const char* debugstr_sid(PSID sid)
+     return res;
+ }
+ 
+-struct sidRef
+-{
+-    SID_IDENTIFIER_AUTHORITY auth;
+-    const char *refStr;
+-};
+-
+ static void init(void)
+ {
+     HMODULE hntdll;
+@@ -297,7 +283,11 @@ static void test_group_equal(HANDLE Handle, PSID expected, int line)
+ 
+ static void test_sid(void)
+ {
+-    struct sidRef refs[] = {
++    static struct
++    {
++        SID_IDENTIFIER_AUTHORITY auth;
++        const char *refStr;
++    } refs[] = {
+      { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" },
+      { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1"  },
+      { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1"     },
+@@ -305,24 +295,60 @@ static void test_sid(void)
+      { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1"         },
+      { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1"        },
+     };
+-    struct strsid_entry strsid_table[] = {
+-        {"AO", STRSID_OK},  {"RU", STRSID_OK},  {"AN", STRSID_OK},  {"AU", STRSID_OK},
+-        {"BA", STRSID_OK},  {"BG", STRSID_OK},  {"BO", STRSID_OK},  {"BU", STRSID_OK},
+-        {"CA", STRSID_OPT}, {"CG", STRSID_OK},  {"CO", STRSID_OK},  {"DA", STRSID_OPT},
+-        {"DC", STRSID_OPT}, {"DD", STRSID_OPT}, {"DG", STRSID_OPT}, {"DU", STRSID_OPT},
+-        {"EA", STRSID_OPT}, {"ED", STRSID_OK},  {"WD", STRSID_OK},  {"PA", STRSID_OPT},
+-        {"IU", STRSID_OK},  {"LA", STRSID_OK},  {"LG", STRSID_OK},  {"LS", STRSID_OK},
+-        {"SY", STRSID_OK},  {"NU", STRSID_OK},  {"NO", STRSID_OK},  {"NS", STRSID_OK},
+-        {"PO", STRSID_OK},  {"PS", STRSID_OK},  {"PU", STRSID_OK},  {"RS", STRSID_OPT},
+-        {"RD", STRSID_OK},  {"RE", STRSID_OK},  {"RC", STRSID_OK},  {"SA", STRSID_OPT},
+-        {"SO", STRSID_OK},  {"SU", STRSID_OK}};
+-
++    static const struct
++    {
++        const char *str;
++        WELL_KNOWN_SID_TYPE sid_type;
++        BOOL optional;
++    } strsid_table[] = {
++        /* Please keep the list sorted. */
++        { "AC", WinBuiltinAnyPackageSid, TRUE },
++        { "AN", WinAnonymousSid },
++        { "AO", WinBuiltinAccountOperatorsSid },
++        { "AU", WinAuthenticatedUserSid },
++        { "BA", WinBuiltinAdministratorsSid },
++        { "BG", WinBuiltinGuestsSid },
++        { "BO", WinBuiltinBackupOperatorsSid },
++        { "BU", WinBuiltinUsersSid },
++        { "CA", WinAccountCertAdminsSid, TRUE},
++        { "CG", WinCreatorGroupSid },
++        { "CO", WinCreatorOwnerSid },
++        { "DA", WinAccountDomainAdminsSid, TRUE},
++        { "DC", WinAccountComputersSid, TRUE},
++        { "DD", WinAccountControllersSid, TRUE},
++        { "DG", WinAccountDomainGuestsSid, TRUE},
++        { "DU", WinAccountDomainUsersSid, TRUE},
++        { "EA", WinAccountEnterpriseAdminsSid, TRUE},
++        { "ED", WinEnterpriseControllersSid },
++        { "IU", WinInteractiveSid },
++        { "LA", WinAccountAdministratorSid },
++        { "LG", WinAccountGuestSid },
++        { "LS", WinLocalServiceSid },
++        { "NO", WinBuiltinNetworkConfigurationOperatorsSid },
++        { "NS", WinNetworkServiceSid },
++        { "NU", WinNetworkSid },
++        { "PA", WinAccountPolicyAdminsSid, TRUE},
++        { "PO", WinBuiltinPrintOperatorsSid },
++        { "PS", WinSelfSid },
++        { "PU", WinBuiltinPowerUsersSid },
++        { "RC", WinRestrictedCodeSid },
++        { "RD", WinBuiltinRemoteDesktopUsersSid },
++        { "RE", WinBuiltinReplicatorSid },
++        { "RS", WinAccountRasAndIasServersSid, TRUE },
++        { "RU", WinBuiltinPreWindows2000CompatibleAccessSid },
++        { "SA", WinAccountSchemaAdminsSid, TRUE },
++        { "SO", WinBuiltinSystemOperatorsSid },
++        { "SU", WinServiceSid },
++        { "SY", WinLocalSystemSid },
++        { "WD", WinWorldSid },
++    };
++    SID_IDENTIFIER_AUTHORITY domain_ident = { SECURITY_NT_AUTHORITY };
+     const char noSubAuthStr[] = "S-1-5";
+     unsigned int i;
+-    PSID psid = NULL;
++    PSID psid, domain_sid;
+     SID *pisid;
+     BOOL r;
+-    LPSTR str = NULL;
++    LPSTR str;
+ 
+     if( !pConvertSidToStringSidA || !pConvertStringSidToSidA )
+     {
+@@ -402,7 +428,7 @@ static void test_sid(void)
+     }
+ 
+     /* string constant format not supported before XP */
+-    r = pConvertStringSidToSidA(strsid_table[0].str, &psid);
++    r = pConvertStringSidToSidA("AN", &psid);
+     if(!r)
+     {
+         win_skip("String constant format not supported\n");
+@@ -410,25 +436,51 @@ static void test_sid(void)
+     }
+     LocalFree(psid);
+ 
++    AllocateAndInitializeSid(&domain_ident, 4, SECURITY_NT_NON_UNIQUE, 0, 0, 0, 0, 0, 0, 0, &domain_sid);
++
+     for(i = 0; i < sizeof(strsid_table) / sizeof(strsid_table[0]); i++)
+     {
+-        char *temp;
+-
+         SetLastError(0xdeadbeef);
+         r = pConvertStringSidToSidA(strsid_table[i].str, &psid);
+ 
+-        if (!(strsid_table[i].flags & STRSID_OPT))
++        if (!(strsid_table[i].optional))
+         {
+             ok(r, "%s: got %u\n", strsid_table[i].str, GetLastError());
+         }
+ 
+         if (r)
+         {
+-            if ((winetest_debug > 1) && (pConvertSidToStringSidA(psid, &temp)))
++            char buf[SECURITY_MAX_SID_SIZE];
++            char *sid_string, *well_known_sid_string;
++            DWORD n, size;
++
++            /* zero out domain id before comparison to simplify things */
++            if (strsid_table[i].sid_type == WinAccountAdministratorSid ||
++                strsid_table[i].sid_type == WinAccountGuestSid)
+             {
+-                trace(" %s: %s\n", strsid_table[i].str, temp);
+-                LocalFree(temp);
++                for (n = 1; n <= 3; n++)
++                    *GetSidSubAuthority(psid, n) = 0;
+             }
++
++            r = pConvertSidToStringSidA(psid, &sid_string);
++            ok(r, "%s: ConvertSidToStringSid error %u\n", strsid_table[i].str, GetLastError());
++            if (winetest_debug > 1)
++                trace("%s => %s\n", strsid_table[i].str, sid_string);
++
++            size = sizeof(buf);
++            r = pCreateWellKnownSid(strsid_table[i].sid_type, domain_sid, buf, &size);
++            ok(r, "%u: CreateWellKnownSid(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
++
++            r = pConvertSidToStringSidA(buf, &well_known_sid_string);
++            ok(r, "%u: ConvertSidToStringSi(%u) error %u\n", i, strsid_table[i].sid_type, GetLastError());
++            if (winetest_debug > 1)
++                trace("%u => %s\n", strsid_table[i].sid_type, well_known_sid_string);
++
++            ok(strcmp(sid_string, well_known_sid_string) == 0,
++               "%u: (%u) expected %s, got %s\n", i, strsid_table[i].sid_type, well_known_sid_string, sid_string);
++
++            LocalFree(well_known_sid_string);
++            LocalFree(sid_string);
+             LocalFree(psid);
+         }
+         else
+@@ -439,6 +491,8 @@ static void test_sid(void)
+                 trace(" %s: couldn't be converted\n", strsid_table[i].str);
+         }
+     }
++
++    LocalFree(domain_sid);
+ }
+ 
+ static void test_trustee(void)
+@@ -2288,7 +2342,7 @@ static void test_LookupAccountSid(void)
+     if (pCreateWellKnownSid && pConvertSidToStringSidA)
+     {
+         trace("Well Known SIDs:\n");
+-        for (i = 0; i <= 60; i++)
++        for (i = 0; i <= 84; i++)
+         {
+             size = SECURITY_MAX_SID_SIZE;
+             if (pCreateWellKnownSid(i, NULL, &max_sid.sid, &size))
+-- 
+2.9.0
+
diff --git a/patches/advapi32-WinBuiltinAnyPackageSid/definition b/patches/advapi32-WinBuiltinAnyPackageSid/definition
new file mode 100644
index 00000000..6886618b
--- /dev/null
+++ b/patches/advapi32-WinBuiltinAnyPackageSid/definition
@@ -0,0 +1 @@
+Fixes: [41934] Assigns the AC abbreviation to WinBuiltinAnyPackageSid
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index 5f567fab..dafa0fc9 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -89,6 +89,7 @@ patch_enable_all ()
 	enable_advapi32_GetExplicitEntriesFromAclW="$1"
 	enable_advapi32_LsaLookupSids="$1"
 	enable_advapi32_SetSecurityInfo="$1"
+	enable_advapi32_WinBuiltinAnyPackageSid="$1"
 	enable_api_ms_win_Stub_DLLs="$1"
 	enable_avifil32_AVIFileGetStream="$1"
 	enable_avifil32_AVIFile_Proxies="$1"
@@ -444,6 +445,9 @@ patch_enable ()
 		advapi32-SetSecurityInfo)
 			enable_advapi32_SetSecurityInfo="$2"
 			;;
+		advapi32-WinBuiltinAnyPackageSid)
+			enable_advapi32_WinBuiltinAnyPackageSid="$2"
+			;;
 		api-ms-win-Stub_DLLs)
 			enable_api_ms_win_Stub_DLLs="$2"
 			;;
@@ -2580,6 +2584,23 @@ if test "$enable_advapi32_SetSecurityInfo" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset advapi32-WinBuiltinAnyPackageSid
+# |
+# | This patchset fixes the following Wine bugs:
+# |   *	[#41934] Assigns the AC abbreviation to WinBuiltinAnyPackageSid
+# |
+# | Modified files:
+# |   *	dlls/advapi32/security.c, dlls/advapi32/tests/security.c
+# |
+if test "$enable_advapi32_WinBuiltinAnyPackageSid" -eq 1; then
+	patch_apply advapi32-WinBuiltinAnyPackageSid/0001-advapi32-SDDL-assigns-the-AC-abbreviation-to-WinBuil.patch
+	patch_apply advapi32-WinBuiltinAnyPackageSid/0002-advapi32-tests-Add-a-test-that-compares-a-well-known.patch
+	(
+		echo '+    { "Dmitry Timoshkov", "advapi32: SDDL assigns the \"AC\" abbreviation to WinBuiltinAnyPackageSid.", 1 },';
+		echo '+    { "Dmitry Timoshkov", "advapi32/tests: Add a test that compares a well-known SID to a SID created from a SDDL abbreviation.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset combase-RoApi
 # |
 # | Modified files: