From: Marcus Meissner <marcus@jet.franken.de>
Subject: [PATCH] advapi32: Implement GetWindowsAccountDomainSid.
Message-Id: <1434316132-12655-1-git-send-email-marcus@jet.franken.de>
Date: Sun, 14 Jun 2015 23:08:52 +0200

From: Michael Müller <michael@fds-team.de>

---
 dlls/advapi32/advapi32.spec                        |  2 +-
 dlls/advapi32/security.c                           | 45 +++++++++++++
 dlls/advapi32/tests/security.c                     | 78 ++++++++++++++++++++++
 .../api-ms-win-security-base-l1-1-0.spec           |  2 +-
 .../api-ms-win-security-base-l1-2-0.spec           |  2 +-
 5 files changed, 126 insertions(+), 3 deletions(-)

diff --git a/dlls/advapi32/advapi32.spec b/dlls/advapi32/advapi32.spec
index 4600142..ec27440 100644
--- a/dlls/advapi32/advapi32.spec
+++ b/dlls/advapi32/advapi32.spec
@@ -363,7 +363,7 @@
 @ stdcall GetTrusteeTypeW(ptr) 
 @ stdcall GetUserNameA(ptr ptr)
 @ stdcall GetUserNameW(ptr ptr)
-# @ stub GetWindowsAccountDomainSid
+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr)
 # @ stub I_QueryTagInformation
 # @ stub I_ScGetCurrentGroupStateW
 # @ stub I_ScIsSecurityProcess
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index 693d9cb..3907f97 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -1538,6 +1538,51 @@ BOOL WINAPI SetSecurityDescriptorControl( PSECURITY_DESCRIPTOR pSecurityDescript
         pSecurityDescriptor, ControlBitsOfInterest, ControlBitsToSet ) );
 }
 
+/******************************************************************************
+ * GetWindowsAccountDomainSid         [ADVAPI32.@]
+ */
+BOOL WINAPI GetWindowsAccountDomainSid( PSID sid, PSID domain_sid, DWORD *size )
+{
+    SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}};
+    DWORD required_size;
+    int i;
+
+    FIXME( "(%p %p %p): semi-stub\n", sid, domain_sid, size );
+
+    if (!sid || !IsValidSid( sid ))
+    {
+        SetLastError( ERROR_INVALID_SID );
+        return FALSE;
+    }
+
+    if (!size)
+    {
+        SetLastError( ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+
+    if (*GetSidSubAuthorityCount( sid ) < 4)
+    {
+        SetLastError( ERROR_INVALID_SID );
+        return FALSE;
+    }
+
+    required_size = GetSidLengthRequired( 4 );
+    if (*size < required_size || !domain_sid)
+    {
+        *size = required_size;
+        SetLastError( domain_sid ? ERROR_INSUFFICIENT_BUFFER : ERROR_INVALID_PARAMETER );
+        return FALSE;
+    }
+
+    InitializeSid( domain_sid, &domain_ident, 4 );
+    for (i = 0; i < 4; i++)
+        *GetSidSubAuthority( domain_sid, i ) = *GetSidSubAuthority( sid, i );
+
+    *size = required_size;
+    return TRUE;
+}
+
 /*	##############################
 	######	ACL FUNCTIONS	######
 	##############################
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index b43f212..30c2a24 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -129,6 +129,7 @@ static NTSTATUS (WINAPI *pNtSetSecurityObject)(HANDLE,SECURITY_INFORMATION,PSECU
 static NTSTATUS (WINAPI *pNtCreateFile)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
 static BOOL     (WINAPI *pRtlDosPathNameToNtPathName_U)(LPCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
 static NTSTATUS (WINAPI *pRtlAnsiStringToUnicodeString)(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
+static BOOL     (WINAPI *pGetWindowsAccountDomainSid)(PSID,PSID,DWORD*);
 
 static HMODULE hmod;
 static int     myARGC;
@@ -190,6 +191,7 @@ static void init(void)
     pConvertStringSidToSidA = (void *)GetProcAddress(hmod, "ConvertStringSidToSidA");
     pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation");
     pGetAce = (void *)GetProcAddress(hmod, "GetAce");
+    pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
 
     myARGC = winetest_get_mainargs( &myARGV );
 }
@@ -5835,6 +5837,81 @@ static void test_AddAce(void)
     ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError());
 }
 
+static void test_GetWindowsAccountDomainSid (void)
+{
+    char b[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
+    char buffer1[SECURITY_MAX_SID_SIZE], buffer2[SECURITY_MAX_SID_SIZE];
+    SID_IDENTIFIER_AUTHORITY domain_ident = {{0,0,0,0,0,5}};
+    PSID domain_sid = (PSID *)&buffer1;
+    PSID domain_sid2 = (PSID *)&buffer2;
+    DWORD sid_size, l = sizeof(b);
+    PSID user_sid;
+    HANDLE token;
+    BOOL ret = TRUE;
+    int i;
+
+    if (!pGetWindowsAccountDomainSid)
+    {
+        win_skip("GetWindowsAccountDomainSid not available\n");
+        return;
+    }
+
+    if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &token))
+    {
+        if (GetLastError() != ERROR_NO_TOKEN) ret = FALSE;
+        else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &token)) ret = FALSE;
+    }
+    if (!ret)
+    {
+        win_skip("Failed to get current user token\n");
+        return;
+    }
+
+    GetTokenInformation(token, TokenUser, b, l, &l);
+    user_sid = ((TOKEN_USER *)b)->User.Sid;
+    CloseHandle(token);
+
+    SetLastError(0xdeadbeef);
+    ret = pGetWindowsAccountDomainSid(0, 0, 0);
+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_SID, "expected ERROR_INVALID_SID, got %d\n", GetLastError());
+
+    SetLastError(0xdeadbeef);
+    ret = pGetWindowsAccountDomainSid(user_sid, 0, 0);
+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
+
+    sid_size = SECURITY_MAX_SID_SIZE;
+    SetLastError(0xdeadbeef);
+    ret = pGetWindowsAccountDomainSid(user_sid, 0, &sid_size);
+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
+
+    SetLastError(0xdeadbeef);
+    ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, 0);
+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
+
+    sid_size = 1;
+    SetLastError(0xdeadbeef);
+    ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
+    ok(!ret, "GetWindowsAccountDomainSid succeeded\n");
+    ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
+
+    SetLastError(0xdeadbeef);
+    sid_size = SECURITY_MAX_SID_SIZE;
+    ret = pGetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
+    ok(ret, "GetWindowsAccountDomainSid failed with error %d\n", GetLastError());
+    todo_wine ok(GetLastError() == 0xdeadbeef, "last error should not change\n");
+    ok(sid_size == GetSidLengthRequired(4), "expected size %d, got %d\n", GetSidLengthRequired(4), sid_size);
+    InitializeSid(domain_sid2, &domain_ident, 4);
+    for (i = 0; i < 4; i++)
+        *GetSidSubAuthority(domain_sid2, i) = *GetSidSubAuthority(user_sid, i);
+    ok(EqualSid(domain_sid, domain_sid2), "unexpected domain sid\n");
+}
+
 START_TEST(security)
 {
     init();
@@ -5877,4 +5954,5 @@ START_TEST(security)
     test_default_dacl_owner_sid();
     test_AdjustTokenPrivileges();
     test_AddAce();
+    test_GetWindowsAccountDomainSid();
 }
diff --git a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
index 4277706..edae6d1 100644
--- a/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
+++ b/dlls/api-ms-win-security-base-l1-1-0/api-ms-win-security-base-l1-1-0.spec
@@ -57,7 +57,7 @@
 @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
 @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
 @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
-@ stub GetWindowsAccountDomainSid
+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
 @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
 @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
 @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf
diff --git a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
index 3adef23..e19fe53 100644
--- a/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
+++ b/dlls/api-ms-win-security-base-l1-2-0/api-ms-win-security-base-l1-2-0.spec
@@ -63,7 +63,7 @@
 @ stdcall GetSidSubAuthority(ptr long) advapi32.GetSidSubAuthority
 @ stdcall GetSidSubAuthorityCount(ptr) advapi32.GetSidSubAuthorityCount
 @ stdcall GetTokenInformation(long long ptr long ptr) advapi32.GetTokenInformation
-@ stub GetWindowsAccountDomainSid
+@ stdcall GetWindowsAccountDomainSid(ptr ptr ptr) advapi32.GetWindowsAccountDomainSid
 @ stdcall ImpersonateAnonymousToken(long) advapi32.ImpersonateAnonymousToken
 @ stdcall ImpersonateLoggedOnUser(long) advapi32.ImpersonateLoggedOnUser
 @ stdcall ImpersonateSelf(long) advapi32.ImpersonateSelf

-- 
1.8.4.5