Commit fde235da authored by Dmitry Timoshkov's avatar Dmitry Timoshkov Committed by Alexandre Julliard

kernelbase: Implement EqualDomainSid.

parent 27bf34bb
...@@ -281,7 +281,7 @@ ...@@ -281,7 +281,7 @@
@ stdcall EnumServicesStatusW (long long long ptr long ptr ptr ptr) @ stdcall EnumServicesStatusW (long long long ptr long ptr ptr ptr)
@ stdcall EnumerateTraceGuids(ptr long ptr) @ stdcall EnumerateTraceGuids(ptr long ptr)
# @ stub EnumerateTraceGuidsEx # @ stub EnumerateTraceGuidsEx
# @ stub EqualDomainSid @ stdcall -import EqualDomainSid(ptr ptr ptr)
@ stdcall -import EqualPrefixSid(ptr ptr) @ stdcall -import EqualPrefixSid(ptr ptr)
@ stdcall -import EqualSid(ptr ptr) @ stdcall -import EqualSid(ptr ptr)
# @ stub EventAccessControl # @ stub EventAccessControl
......
...@@ -130,6 +130,7 @@ static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,P ...@@ -130,6 +130,7 @@ static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,P
static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*); static BOOL (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN); static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
static BOOL (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*); static BOOL (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
static BOOL (WINAPI *pEqualDomainSid)(PSID,PSID,BOOL*);
static void (WINAPI *pRtlInitAnsiString)(PANSI_STRING,PCSZ); static void (WINAPI *pRtlInitAnsiString)(PANSI_STRING,PCSZ);
static NTSTATUS (WINAPI *pRtlFreeUnicodeString)(PUNICODE_STRING); static NTSTATUS (WINAPI *pRtlFreeUnicodeString)(PUNICODE_STRING);
static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID); static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID);
...@@ -218,6 +219,7 @@ static void init(void) ...@@ -218,6 +219,7 @@ static void init(void)
pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation"); pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation");
pGetAce = (void *)GetProcAddress(hmod, "GetAce"); pGetAce = (void *)GetProcAddress(hmod, "GetAce");
pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid"); pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
pEqualDomainSid = (void *)GetProcAddress(hmod, "EqualDomainSid");
pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority"); pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority");
pDuplicateTokenEx = (void *)GetProcAddress(hmod, "DuplicateTokenEx"); pDuplicateTokenEx = (void *)GetProcAddress(hmod, "DuplicateTokenEx");
pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW"); pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW");
...@@ -7570,6 +7572,81 @@ static void test_BuildSecurityDescriptorW(void) ...@@ -7570,6 +7572,81 @@ static void test_BuildSecurityDescriptorW(void)
LocalFree(new_sd); LocalFree(new_sd);
} }
static void test_EqualDomainSid(void)
{
SID_IDENTIFIER_AUTHORITY ident = { SECURITY_NT_AUTHORITY };
char sid_buffer[SECURITY_MAX_SID_SIZE], sid_buffer2[SECURITY_MAX_SID_SIZE];
PSID domainsid, sid = sid_buffer, sid2 = sid_buffer2;
DWORD size;
BOOL ret, equal;
unsigned int i;
if (!pEqualDomainSid)
{
win_skip("EqualDomainSid not available\n");
return;
}
if (!pCreateWellKnownSid)
{
win_skip("CreateWellKnownSid not available\n");
return;
}
ret = AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
ok(ret, "AllocateAndInitializeSid error %u\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pEqualDomainSid(NULL, NULL, NULL);
ok(!ret, "got %d\n", ret);
ok(GetLastError() == ERROR_INVALID_SID, "got %u\n", GetLastError());
SetLastError(0xdeadbeef);
ret = pEqualDomainSid(domainsid, domainsid, NULL);
ok(!ret, "got %d\n", ret);
ok(GetLastError() == ERROR_INVALID_PARAMETER, "got %u\n", GetLastError());
for (i = 0; i < ARRAY_SIZE(well_known_sid_values); i++)
{
SID *pisid = sid;
size = sizeof(sid_buffer);
if (!pCreateWellKnownSid(i, NULL, sid, &size))
{
trace("Well known SID %u not supported\n", i);
continue;
}
equal = 0xdeadbeef;
SetLastError(0xdeadbeef);
ret = pEqualDomainSid(sid, domainsid, &equal);
if (pisid->SubAuthority[0] != SECURITY_BUILTIN_DOMAIN_RID)
{
ok(!ret, "%u: got %d\n", i, ret);
ok(GetLastError() == ERROR_NON_DOMAIN_SID, "%u: got %u\n", i, GetLastError());
ok(equal == 0xdeadbeef, "%u: got %d\n", i, equal);
continue;
}
ok(ret, "%u: got %d\n", i, ret);
ok(GetLastError() == 0, "%u: got %u\n", i, GetLastError());
ok(equal == 0, "%u: got %d\n", i, equal);
size = sizeof(sid_buffer2);
ret = pCreateWellKnownSid(i, well_known_sid_values[i].without_domain ? NULL : domainsid, sid2, &size);
ok(ret, "%u: CreateWellKnownSid error %u\n", i, GetLastError());
equal = 0xdeadbeef;
SetLastError(0xdeadbeef);
ret = pEqualDomainSid(sid, sid2, &equal);
ok(ret, "%u: got %d\n", i, ret);
ok(GetLastError() == 0, "%u: got %u\n", i, GetLastError());
ok(equal == 1, "%u: got %d\n", i, equal);
}
FreeSid(domainsid);
}
START_TEST(security) START_TEST(security)
{ {
init(); init();
...@@ -7606,6 +7683,7 @@ START_TEST(security) ...@@ -7606,6 +7683,7 @@ START_TEST(security)
test_PrivateObjectSecurity(); test_PrivateObjectSecurity();
test_acls(); test_acls();
test_GetWindowsAccountDomainSid(); test_GetWindowsAccountDomainSid();
test_EqualDomainSid();
test_GetSecurityInfo(); test_GetSecurityInfo();
test_GetSidSubAuthority(); test_GetSidSubAuthority();
test_CheckTokenMembership(); test_CheckTokenMembership();
......
...@@ -35,7 +35,7 @@ ...@@ -35,7 +35,7 @@
@ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity @ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity
@ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken @ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken
@ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx @ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx
@ stub EqualDomainSid @ stdcall EqualDomainSid(ptr ptr ptr) advapi32.EqualDomainSid
@ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid @ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid
@ stdcall EqualSid(ptr ptr) advapi32.EqualSid @ stdcall EqualSid(ptr ptr) advapi32.EqualSid
@ stdcall EventActivityIdControl(long ptr) advapi32.EventActivityIdControl @ stdcall EventActivityIdControl(long ptr) advapi32.EventActivityIdControl
......
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
@ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity @ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity
@ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken @ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken
@ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx @ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx
@ stub EqualDomainSid @ stdcall EqualDomainSid(ptr ptr ptr) advapi32.EqualDomainSid
@ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid @ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid
@ stdcall EqualSid(ptr ptr) advapi32.EqualSid @ stdcall EqualSid(ptr ptr) advapi32.EqualSid
@ stdcall FindFirstFreeAce(ptr ptr) advapi32.FindFirstFreeAce @ stdcall FindFirstFreeAce(ptr ptr) advapi32.FindFirstFreeAce
......
...@@ -38,7 +38,7 @@ ...@@ -38,7 +38,7 @@
@ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity @ stdcall DestroyPrivateObjectSecurity(ptr) advapi32.DestroyPrivateObjectSecurity
@ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken @ stdcall DuplicateToken(long long ptr) advapi32.DuplicateToken
@ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx @ stdcall DuplicateTokenEx(long long ptr long long ptr) advapi32.DuplicateTokenEx
@ stub EqualDomainSid @ stdcall EqualDomainSid(ptr ptr ptr) advapi32.EqualDomainSid
@ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid @ stdcall EqualPrefixSid(ptr ptr) advapi32.EqualPrefixSid
@ stdcall EqualSid(ptr ptr) advapi32.EqualSid @ stdcall EqualSid(ptr ptr) advapi32.EqualSid
@ stdcall FindFirstFreeAce(ptr ptr) advapi32.FindFirstFreeAce @ stdcall FindFirstFreeAce(ptr ptr) advapi32.FindFirstFreeAce
......
...@@ -323,7 +323,7 @@ ...@@ -323,7 +323,7 @@
@ stdcall EnumUILanguagesW(ptr long long) @ stdcall EnumUILanguagesW(ptr long long)
# @ stub EnumerateStateAtomValues # @ stub EnumerateStateAtomValues
# @ stub EnumerateStateContainerItems # @ stub EnumerateStateContainerItems
@ stub EqualDomainSid @ stdcall EqualDomainSid(ptr ptr ptr)
@ stdcall EqualPrefixSid(ptr ptr) @ stdcall EqualPrefixSid(ptr ptr)
@ stdcall EqualSid(ptr ptr) @ stdcall EqualSid(ptr ptr)
@ stdcall EscapeCommFunction(long long) @ stdcall EscapeCommFunction(long long)
......
...@@ -275,6 +275,61 @@ BOOL WINAPI EqualSid( PSID sid1, PSID sid2 ) ...@@ -275,6 +275,61 @@ BOOL WINAPI EqualSid( PSID sid1, PSID sid2 )
} }
/****************************************************************************** /******************************************************************************
* EqualDomainSid (kernelbase.@)
*/
BOOL WINAPI EqualDomainSid( PSID sid1, PSID sid2, BOOL *equal )
{
MAX_SID builtin_sid, domain_sid1, domain_sid2;
DWORD size;
TRACE( "(%p,%p,%p)\n", sid1, sid2, equal );
if (!IsValidSid( sid1 ) || !IsValidSid( sid2 ))
{
SetLastError( ERROR_INVALID_SID );
return FALSE;
}
if (!equal)
{
SetLastError( ERROR_INVALID_PARAMETER );
return FALSE;
}
size = sizeof(domain_sid1);
if (GetWindowsAccountDomainSid( sid1, &domain_sid1, &size ))
{
size = sizeof(domain_sid2);
if (GetWindowsAccountDomainSid( sid2, &domain_sid2, &size ))
{
*equal = EqualSid( &domain_sid1, &domain_sid2 );
SetLastError( 0 );
return TRUE;
}
}
size = sizeof(builtin_sid);
if (!CreateWellKnownSid( WinBuiltinDomainSid, NULL, &builtin_sid, &size ))
return FALSE;
if (!memcmp(GetSidIdentifierAuthority( sid1 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)) &&
!memcmp(GetSidIdentifierAuthority( sid2 )->Value, builtin_sid.IdentifierAuthority.Value, sizeof(builtin_sid.IdentifierAuthority.Value)))
{
if (*GetSidSubAuthorityCount( sid1 ) != 0 && *GetSidSubAuthorityCount( sid2 ) != 0 &&
(*GetSidSubAuthority( sid1, 0 ) == SECURITY_BUILTIN_DOMAIN_RID ||
*GetSidSubAuthority( sid2, 0 ) == SECURITY_BUILTIN_DOMAIN_RID))
{
*equal = EqualSid( sid1, sid2 );
SetLastError( 0 );
return TRUE;
}
}
SetLastError( ERROR_NON_DOMAIN_SID );
return FALSE;
}
/******************************************************************************
* FreeSid (kernelbase.@) * FreeSid (kernelbase.@)
*/ */
void * WINAPI FreeSid( PSID pSid ) void * WINAPI FreeSid( PSID pSid )
......
...@@ -2002,6 +2002,7 @@ WINBASEAPI BOOL WINAPI EnumResourceTypesW(HMODULE,ENUMRESTYPEPROCW,LONG_P ...@@ -2002,6 +2002,7 @@ WINBASEAPI BOOL WINAPI EnumResourceTypesW(HMODULE,ENUMRESTYPEPROCW,LONG_P
WINBASEAPI BOOL WINAPI EnumResourceTypesExA(HMODULE,ENUMRESTYPEPROCA,LONG_PTR,DWORD,LANGID); WINBASEAPI BOOL WINAPI EnumResourceTypesExA(HMODULE,ENUMRESTYPEPROCA,LONG_PTR,DWORD,LANGID);
WINBASEAPI BOOL WINAPI EnumResourceTypesExW(HMODULE,ENUMRESTYPEPROCW,LONG_PTR,DWORD,LANGID); WINBASEAPI BOOL WINAPI EnumResourceTypesExW(HMODULE,ENUMRESTYPEPROCW,LONG_PTR,DWORD,LANGID);
#define EnumResourceTypesEx WINELIB_NAME_AW(EnumResourceTypesEx) #define EnumResourceTypesEx WINELIB_NAME_AW(EnumResourceTypesEx)
WINADVAPI BOOL WINAPI EqualDomainSid(PSID,PSID,BOOL*);
WINADVAPI BOOL WINAPI EqualSid(PSID, PSID); WINADVAPI BOOL WINAPI EqualSid(PSID, PSID);
WINADVAPI BOOL WINAPI EqualPrefixSid(PSID,PSID); WINADVAPI BOOL WINAPI EqualPrefixSid(PSID,PSID);
WINBASEAPI DWORD WINAPI EraseTape(HANDLE,DWORD,BOOL); WINBASEAPI DWORD WINAPI EraseTape(HANDLE,DWORD,BOOL);
......
...@@ -762,6 +762,8 @@ static inline HRESULT HRESULT_FROM_WIN32(unsigned int x) ...@@ -762,6 +762,8 @@ static inline HRESULT HRESULT_FROM_WIN32(unsigned int x)
#define ERROR_NOT_SUPPORTED_ON_SBS 1254 #define ERROR_NOT_SUPPORTED_ON_SBS 1254
#define ERROR_SERVER_SHUTDOWN_IN_PROGRESS 1255 #define ERROR_SERVER_SHUTDOWN_IN_PROGRESS 1255
#define ERROR_HOST_DOWN 1256 #define ERROR_HOST_DOWN 1256
#define ERROR_NON_ACCOUNT_SID 1257
#define ERROR_NON_DOMAIN_SID 1258
#define ERROR_ACCESS_DISABLED_BY_POLICY 1260 #define ERROR_ACCESS_DISABLED_BY_POLICY 1260
#define ERROR_REG_NAT_CONSUMPTION 1261 #define ERROR_REG_NAT_CONSUMPTION 1261
#define ERROR_PKINIT_FAILURE 1263 #define ERROR_PKINIT_FAILURE 1263
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment