Commit cf509c29 authored by Mikołaj Zalewski's avatar Mikołaj Zalewski Committed by Alexandre Julliard

advapi32: Make CreateWellKnownSid create domain sids (with test).

parent b06379b2
......@@ -122,12 +122,37 @@ static const WELLKNOWNSID WellKnownSids[] =
{ {0,0}, WinSChannelAuthenticationSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_PACKAGE_BASE_RID, SECURITY_PACKAGE_SCHANNEL_RID } } },
{ {0,0}, WinThisOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_THIS_ORGANIZATION_RID } } },
{ {0,0}, WinOtherOrganizationSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_OTHER_ORGANIZATION_RID } } },
{ {0,0}, WinBuiltinIncomingForestTrustBuildersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS } } },
{ {0,0}, WinBuiltinPerfMonitoringUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_MONITORING_USERS } } },
{ {0,0}, WinBuiltinPerfLoggingUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_LOGGING_USERS } } },
{ {0,0}, WinBuiltinAuthorizationAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS } } },
{ {0,0}, WinBuiltinTerminalServerLicenseServersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS } } },
};
/* these SIDs must be constructed as relative to some domain - only the RID is well-kown */
typedef struct WELLKOWNRID
{
WELL_KNOWN_SID_TYPE Type;
DWORD Rid;
} WELLKNOWNRID;
WELLKNOWNRID WellKnownRids[] = {
{ WinAccountAdministratorSid, DOMAIN_USER_RID_ADMIN },
{ WinAccountGuestSid, DOMAIN_USER_RID_GUEST },
{ WinAccountKrbtgtSid, DOMAIN_USER_RID_KRBTGT },
{ WinAccountDomainAdminsSid, DOMAIN_GROUP_RID_ADMINS },
{ WinAccountDomainUsersSid, DOMAIN_GROUP_RID_USERS },
{ WinAccountDomainGuestsSid, DOMAIN_GROUP_RID_GUESTS },
{ WinAccountComputersSid, DOMAIN_GROUP_RID_COMPUTERS },
{ WinAccountControllersSid, DOMAIN_GROUP_RID_CONTROLLERS },
{ WinAccountCertAdminsSid, DOMAIN_GROUP_RID_CERT_ADMINS },
{ WinAccountSchemaAdminsSid, DOMAIN_GROUP_RID_SCHEMA_ADMINS },
{ WinAccountEnterpriseAdminsSid, DOMAIN_GROUP_RID_ENTERPRISE_ADMINS },
{ WinAccountPolicyAdminsSid, DOMAIN_GROUP_RID_POLICY_ADMINS },
{ WinAccountRasAndIasServersSid, DOMAIN_ALIAS_RID_RAS_SERVERS },
};
static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
typedef struct _AccountSid {
......@@ -784,13 +809,7 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
unsigned int i;
TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
if (DomainSid != NULL) {
FIXME("Only local computer supported!\n");
SetLastError(ERROR_INVALID_PARAMETER); /* FIXME */
return FALSE;
}
if (cbSid == NULL || pSid == NULL) {
if (cbSid == NULL || pSid == NULL || (DomainSid && !IsValidSid(DomainSid))) {
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
......@@ -810,6 +829,30 @@ CreateWellKnownSid( WELL_KNOWN_SID_TYPE WellKnownSidType,
}
}
if (DomainSid == NULL || *GetSidSubAuthorityCount(DomainSid) == SID_MAX_SUB_AUTHORITIES)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
for (i = 0; i < sizeof(WellKnownRids)/sizeof(WellKnownRids[0]); i++)
if (WellKnownRids[i].Type == WellKnownSidType) {
UCHAR domain_subauth = *GetSidSubAuthorityCount(DomainSid);
DWORD domain_sid_length = GetSidLengthRequired(domain_subauth);
DWORD output_sid_length = GetSidLengthRequired(domain_subauth + 1);
if (*cbSid < output_sid_length) {
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return FALSE;
}
CopyMemory(pSid, DomainSid, domain_sid_length);
(*GetSidSubAuthorityCount(pSid))++;
(*GetSidSubAuthority(pSid, domain_subauth)) = WellKnownRids[i].Rid;
*cbSid = output_sid_length;
return TRUE;
}
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
......
......@@ -1128,7 +1128,7 @@ static void test_CreateWellKnownSid()
LPSTR str;
DWORD cb;
if (value->sid_string == NULL || !value->without_domain)
if (value->sid_string == NULL)
continue;
if (i >= WinBuiltinTerminalServerLicenseServersSid + 1)
......@@ -1150,6 +1150,15 @@ static void test_CreateWellKnownSid()
ok(strcmp(str, value->sid_string) == 0, "SID mismatch - expected %s, got %s\n",
value->sid_string, str);
LocalFree(str);
if (value->without_domain)
{
char buf2[SECURITY_MAX_SID_SIZE];
cb = sizeof(buf2);
ok(CreateWellKnownSid(i, domainsid, buf2, &cb), "Couldn't create well known sid %d with optional domain\n", i);
expect_eq(GetSidLengthRequired(*GetSidSubAuthorityCount(sid_buffer)), cb, DWORD, "%d");
ok(memcmp(buf2, sid_buffer, cb) == 0, "SID create with domain is different than without (%d)\n", i);
}
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment