From 4ba47dbc95a5a73ef646648a3ba8dd90a1089ee8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20M=C3=BCller?= Date: Sat, 13 Jun 2015 20:45:09 +0200 Subject: advapi32: Implement GetWindowsAccountDomainSid. --- dlls/advapi32/advapi32.spec | 2 +- dlls/advapi32/security.c | 45 +++++++++++++ dlls/advapi32/tests/security.c | 78 ++++++++++++++++++++++ .../api-ms-win-security-base-l1-1-0.spec | 2 +- .../api-ms-win-security-base-l1-2-0.spec | 2 +- 5 files changed, 126 insertions(+), 3 deletions(-) diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec index 4600142..ec27440 100644 --- a/dlls/advapi32/advapi32.spec +++ b/dlls/advapi32/advapi32.spec @@ -363,7 +363,7 @@ @ stdcall GetTrusteeTypeW(ptr) @ stdcall GetUserNameA(ptr ptr) @ stdcall GetUserNameW(ptr ptr) -# @ stub GetWindowsAccountDomainSid +@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) # @ stub I_QueryTagInformation # @ stub I_ScGetCurrentGroupStateW # @ stub I_ScIsSecurityProcess diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 028dcc6..1aae1e0 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -1538,6 +1538,51 @@ BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescript pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) ); } +/****************************************************************************** + * GetWindowsAccountDomainSid [ADVAPI32.@] + */ +BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size ) +{ + SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}}; + DWORD required_size; + int i; + + FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size ); + + if (!sid || !IsValidSid( sid )) + { + SetLastError( ERROR_INVALID_SID ); + return FALSE; + } + + if (!size) + { + SetLastError( ERROR_INVALID_PARAMETER ); + return FALSE; + } + + if (*GetSidSubAuthorityCount( sid ) < 4) + { + SetLastError( ERROR_INVALID_SID ); + return FALSE; + } + + required_size = GetSidLengthRequired( 4 ); + if (*size < required_size || !domain_sid) + { + *size = required_size; + SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER ); + return FALSE; + } + + InitializeSid( domain_sid, &domain_ident, 4 ); + for (i = 0; i < 4; i++) + *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i ); + + *size = required_size; + return TRUE; +} + /* ############################## ###### ACL FUNCTIONS ###### ############################## diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index b43f212..3cc149c 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -129,6 +129,7 @@ static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECU static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG); static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*); static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN); +static BOOL (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*); static HMODULE hmod; static int myARGC; @@ -190,6 +191,7 @@ static void init(void) pConvertStringSidToSidA = (void *)GetProcAddress(hmod, "ConvertStringSidToSidA"); pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation"); pGetAce = (void *)GetProcAddress(hmod, "GetAce"); + pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid"); myARGC = winetest_get_mainargs( &myARGV ); } @@ -5835,6 +5837,81 @@ static void test_AddAce(void) ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError()); } +static void test_GetWindowsAccountDomainSid (void) +{ + char b[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES]; + char buffer1[SECURITY_MAX_SID_SIZE], buffer2[SECURITY_MAX_SID_SIZE]; + SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}}; + PSID domain_sid = (PSID *)&buffer1; + PSID domain_sid2 = (PSID *)&buffer2; + DWORD sid_size, l = sizeof(b); + PSID user_sid; + HANDLE token; + BOOL ret = TRUE; + int i; + + if (!pGetWindowsAccountDomainSid) + { + win_skip("GetWindowsAccountDomainSid not available\n"); + return; + } + + if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token)) + { + if (GetLastError() != ERROR_NO_TOKEN) ret = FALSE; + else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) ret = FALSE; + } + if (!ret) + { + win_skip("Failed to get current user token\n"); + return; + } + + GetTokenInformation(token, TokenUser, b, l, &l); + user_sid = ((TOKEN_USER *)b)->User.Sid; + CloseHandle(token); + + SetLastError(0xdeadbeef); + ret = pGetWindowsAccountDomainSid(0, 0, 0); + ok(!ret, "GetWindowsAccountDomainSid succeeded\n"); + ok(GetLastError() == ERROR_INVALID_SID, "expected ERROR_INVALID_SID, got %d\n", GetLastError()); + + SetLastError(0xdeadbeef); + ret = pGetWindowsAccountDomainSid(user_sid, 0, 0); + ok(!ret, "GetWindowsAccountDomainSid succeeded\n"); + ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); + + sid_size = SECURITY_MAX_SID_SIZE; + SetLastError(0xdeadbeef); + ret = pGetWindowsAccountDomainSid(user_sid, 0, &sid_size); + ok(!ret, "GetWindowsAccountDomainSid succeeded\n"); + ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); + ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size); + + SetLastError(0xdeadbeef); + ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, 0); + ok(!ret, "GetWindowsAccountDomainSid succeeded\n"); + ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); + + sid_size = 1; + SetLastError(0xdeadbeef); + ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size); + ok(!ret, "GetWindowsAccountDomainSid succeeded\n"); + ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError()); + ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size); + + SetLastError(0xdeadbeef); + sid_size = SECURITY_MAX_SID_SIZE; + ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size); + ok(ret, "GetWindowsAccountDomainSid failed with error %d\n", GetLastError()); + todo_wine ok(GetLastError() == 0xdeadbeef, "last error should not change\n"); + ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size); + InitializeSid(domain_sid2, &domain_ident, 4); + for (i = 0; i < 4; i++) + *GetSidSubAuthority(domain_sid2, i) = *GetSidSubAuthority(user_sid, i); + ok(EqualSid(domain_sid, domain_sid2), "unexpected domain sid\n"); +} + START_TEST(security) { init(); @@ -5877,4 +5954,5 @@ START_TEST(security) test_default_dacl_owner_sid(); test_AdjustTokenPrivileges(); test_AddAce(); + test_GetWindowsAccountDomainSid(); } diff --git a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec index 4277706..edae6d1 100644 --- a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec +++ b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec @@ -57,7 +57,7 @@ @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation -@ stub GetWindowsAccountDomainSid +@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf diff --git a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec index 3adef23..e19fe53 100644 --- a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec +++ b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec @@ -63,7 +63,7 @@ @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation -@ stub GetWindowsAccountDomainSid +@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf -- 2.4.2