diff --git a/reactos/dll/win32/advapi32/misc/logon.c b/reactos/dll/win32/advapi32/misc/logon.c
index 68f6b30449d..6f14106f02d 100644
--- a/reactos/dll/win32/advapi32/misc/logon.c
+++ b/reactos/dll/win32/advapi32/misc/logon.c
@@ -666,7 +666,7 @@ LogonUserW (LPWSTR lpszUsername,
 DPRINT ("SamGetUserSid() failed\n");
 RtlAllocateAndInitializeSid (&SystemAuthority,
 5,
- SECURITY_NT_NON_UNIQUE_RID,
+ SECURITY_NT_NON_UNIQUE,
 0x12345678,
 0x12345678,
 0x12345678,
diff --git a/reactos/dll/win32/advapi32/sec/sid.c b/reactos/dll/win32/advapi32/sec/sid.c
index f82ef5b5060..f53e8cbabe1 100644
--- a/reactos/dll/win32/advapi32/sec/sid.c
+++ b/reactos/dll/win32/advapi32/sec/sid.c
@@ -31,6 +31,63 @@ typedef struct _ACEFLAG
 DWORD value;
 } ACEFLAG, *LPACEFLAG;
+typedef struct _MAX_SID
+{
+ /* same fields as struct _SID */
+ BYTE Revision;
+ BYTE SubAuthorityCount;
+ SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
+ DWORD SubAuthority[SID_MAX_SUB_AUTHORITIES];
+} MAX_SID;
+
+typedef struct WELLKNOWNSID
+{
+ WCHAR wstr[2];
+ WELL_KNOWN_SID_TYPE Type;
+ MAX_SID Sid;
+} WELLKNOWNSID;
+
+static const WELLKNOWNSID WellKnownSids[] =
+{
+ { {0,0}, WinNullSid, { SID_REVISION, 1, { SECURITY_NULL_SID_AUTHORITY }, { SECURITY_NULL_RID } } },
+ { {'W','D'}, WinWorldSid, { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY }, { SECURITY_WORLD_RID } } },
+ { {0,0}, WinLocalSid, { SID_REVISION, 1, { SECURITY_LOCAL_SID_AUTHORITY }, { SECURITY_LOCAL_RID } } },
+ { {'C','O'}, WinCreatorOwnerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_RID } } },
+ { {'C','G'}, WinCreatorGroupSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_RID } } },
+ { {0,0}, WinCreatorOwnerServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_OWNER_SERVER_RID } } },
+ { {0,0}, WinCreatorGroupServerSid, { SID_REVISION, 1, { SECURITY_CREATOR_SID_AUTHORITY }, { SECURITY_CREATOR_GROUP_SERVER_RID } } },
+ { {0,0}, WinNtAuthoritySid, { SID_REVISION, 0, { SECURITY_NT_AUTHORITY }, { } } },
+ { {0,0}, WinDialupSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_DIALUP_RID } } },
+ { {'N','U'}, WinNetworkSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_RID } } },
+ { {0,0}, WinBatchSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BATCH_RID } } },
+ { {'I','U'}, WinInteractiveSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_INTERACTIVE_RID } } },
+ { {'S','U'}, WinServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } } },
+ { {'A','N'}, WinAnonymousSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ANONYMOUS_LOGON_RID } } },
+ { {0,0}, WinProxySid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PROXY_RID } } },
+ { {'E','D'}, WinEnterpriseControllersSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_ENTERPRISE_CONTROLLERS_RID } } },
+ { {'P','S'}, WinSelfSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_PRINCIPAL_SELF_RID } } },
+ { {'A','U'}, WinAuthenticatedUserSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_AUTHENTICATED_USER_RID } } },
+ { {'R','C'}, WinRestrictedCodeSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_RESTRICTED_CODE_RID } } },
+ { {0,0}, WinTerminalServerSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_TERMINAL_SERVER_RID } } },
+ { {0,0}, WinRemoteLogonIdSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_REMOTE_LOGON_RID } } },
+ { {'S','Y'}, WinLocalSystemSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } } },
+ { {'L','S'}, WinLocalServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SERVICE_RID } } },
+ { {'N','S'}, WinNetworkServiceSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_NETWORK_SERVICE_RID } } },
+ { {0,0}, WinBuiltinDomainSid, { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID } } },
+ { {'B','A'}, WinBuiltinAdministratorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS } } },
+ { {'B','U'}, WinBuiltinUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS } } },
+ { {'B','G'}, WinBuiltinGuestsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS } } },
+ { {'P','U'}, WinBuiltinPowerUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS } } },
+ { {'A','O'}, WinBuiltinAccountOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS } } },
+ { {'S','O'}, WinBuiltinSystemOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS } } },
+ { {'P','O'}, WinBuiltinPrintOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS } } },
+ { {'B','O'}, WinBuiltinBackupOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS } } },
+ { {'R','E'}, WinBuiltinReplicatorSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR } } },
+ { {'R','U'}, WinBuiltinPreWindows2000CompatibleAccessSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS } } },
+ { {'R','D'}, WinBuiltinRemoteDesktopUsersSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS } } },
+ { {'N','O'}, WinBuiltinNetworkConfigurationOperatorsSid, { SID_REVISION, 2, { SECURITY_NT_AUTHORITY }, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS } } },
+};
+
 static const SID sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
 /*
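Review bot: `WellKnownSids` has no comment saying what `wstr` holds or that `{0,0}` means "no alias", and the field is two WCHARs with no terminator, so any later lookup has to compare exactly two characters. The pairs look like SDDL SID aliases; if that is the intent, a comment above the table should say so, e.g. `/* wstr: two-letter SDDL alias, not NUL-terminated; {0,0} = none */`. The `WinNtAuthoritySid` row uses the empty initializer `{ }`, which is a compiler extension before C23; `{ 0 }` is the portable spelling. `MAX_SID` is read through a `PSID` cast elsewhere in this patch, so its layout must stay identical to `SID`, and only the one-line comment inside the struct records that.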
@@ -68,6 +125,57 @@ static const WCHAR SDDL_INHERITED[] = {'I','D',0};
 static const WCHAR SDDL_AUDIT_SUCCESS[] = {'S','A',0};
 static const WCHAR SDDL_AUDIT_FAILURE[] = {'F','A',0};
+static const char * debugstr_sid(PSID sid)
+{
+ int auth = 0;
+ SID * psid = (SID *)sid;
+
+ if (psid == NULL)
+ return "(null)";
+
+ auth = psid->IdentifierAuthority.Value[5] +
+ (psid->IdentifierAuthority.Value[4] << 8) +
+ (psid->IdentifierAuthority.Value[3] << 16) +
+ (psid->IdentifierAuthority.Value[2] << 24);
+
+ switch (psid->SubAuthorityCount) {
+ case 0:
+ return wine_dbg_sprintf("S-%d-%d", psid->Revision, auth);
+ case 1:
+ return wine_dbg_sprintf("S-%d-%d-%lu", psid->Revision, auth,
+ psid->SubAuthority[0]);
+ case 2:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[0], psid->SubAuthority[1]);
+ case 3:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2]);
+ case 4:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
+ psid->SubAuthority[3]);
+ case 5:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
+ psid->SubAuthority[3], psid->SubAuthority[4]);
+ case 6:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[3], psid->SubAuthority[1], psid->SubAuthority[2],
+ psid->SubAuthority[0], psid->SubAuthority[4], psid->SubAuthority[5]);
+ case 7:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
+ psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
+ psid->SubAuthority[6]);
+ case 8:
+ return wine_dbg_sprintf("S-%d-%d-%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu", psid->Revision, auth,
+ psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],
+ psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5],
+ psid->SubAuthority[6], psid->SubAuthority[7]);
+ }
+ return "(too-big)";
+}
+
 /* set last error code from NT status and get the proper boolean return value */
 /* used for functions that are a simple wrapper around the corresponding ntdll API */
 static __inline BOOL set_ntstatus( NTSTATUS status )
@@ -1020,7 +1128,36 @@ CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType,
 OUT PSID pSid,
 IN OUT DWORD* cbSid)
 {
- FIXME("unimplemented!\n", __FUNCTION__);
+ int i;
+ TRACE("(%d, %s, %p, %p)\n", WellKnownSidType, debugstr_sid(DomainSid), pSid, cbSid);
+
+ if (DomainSid != NULL) {
+ FIXME("Only local computer supported!\n");
+ SetLastError(ERROR_INVALID_PARAMETER); /* FIXME */
+ return FALSE;
+ }
+
+ if (cbSid == NULL || pSid == NULL) {
+ SetLastError(ERROR_INVALID_PARAMETER);
+ return FALSE;
+ }
+
+ for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++) {
+ if (WellKnownSids[i].Type == WellKnownSidType) {
+ DWORD length = GetSidLengthRequired(WellKnownSids[i].Sid.SubAuthorityCount);
+
+ if (*cbSid < length) {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ return FALSE;
+ }
+
+ CopyMemory(pSid, &WellKnownSids[i].Sid.Revision, length);
+ *cbSid = length;
+ return TRUE;
+ }
+ }
+
+ SetLastError(ERROR_INVALID_PARAMETER);
 return FALSE;
 }
@@ -1032,7 +1169,14 @@ BOOL STDCALL
 IsWellKnownSid(IN PSID pSid,
 IN WELL_KNOWN_SID_TYPE WellKnownSidType)
 {
- FIXME("unimplemented!\n", __FUNCTION__);
+ int i;
+ TRACE("(%s, %d)\n", debugstr_sid(pSid), WellKnownSidType);
+
+ for (i = 0; i < sizeof(WellKnownSids)/sizeof(WellKnownSids[0]); i++)
+ if (WellKnownSids[i].Type == WellKnownSidType)
+ if (EqualSid(pSid, (PSID)&(WellKnownSids[i].Sid.Revision)))
+ return TRUE;
+
 return FALSE;
 }
diff --git a/reactos/include/psdk/winnt.h b/reactos/include/psdk/winnt.h
index 7a86b9a7587..c63d4c2c5fa 100644
--- a/reactos/include/psdk/winnt.h
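Review bot: In `debugstr_sid`, `case 6` passes `psid->SubAuthority[3]` first and `psid->SubAuthority[0]` fourth, so a SID with six sub-authorities is traced with two fields swapped. Every other case lists them in index order, and the two argument lines should start with `psid->SubAuthority[0], psid->SubAuthority[1], psid->SubAuthority[2],` and `psid->SubAuthority[3], psid->SubAuthority[4], psid->SubAuthority[5]);`. `auth` is a signed `int` built with `Value[2] << 24`, which overflows when that byte is 0x80 or above, and `Value[0]` and `Value[1]` are never read; an unsigned type with a matching format specifier avoids the overflow. The function also trusts `SubAuthorityCount` from a caller-supplied pointer, so tracing a SID shorter than its declared count reads past it.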
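Review bot: In `CreateWellKnownSid`, the `*cbSid < length` branch returns `ERROR_INSUFFICIENT_BUFFER` without writing the required size back, so a caller that probes for the size cannot learn how much to allocate; add `*cbSid = length;` before `SetLastError(ERROR_INSUFFICIENT_BUFFER);`. The `pSid == NULL` test runs before the size check, so a size probe with a NULL buffer gets `ERROR_INVALID_PARAMETER` instead; whether that order matches the Windows contract should be confirmed against the API documentation. `i` is a signed `int` compared with a `sizeof` quotient, and `unsigned int i;` removes the mixed-sign comparison (the same loop appears in `IsWellKnownSid`). The parameter list of the function starts above the hunk.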
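Review bot: `IsWellKnownSid` passes `pSid` to `EqualSid` without checking it, although `debugstr_sid` in the `TRACE` call just above already allows for NULL. A well-known-SID test is typically used in an access decision, so it is safer to reject malformed input first with `if (pSid == NULL || !IsValidSid(pSid)) return FALSE;` than to rely on whatever `EqualSid` does with it, which is not visible here. The nested `if` statements under the `for` have no braces, which makes the scope of `return TRUE;` easy to misread in a later edit.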
+++ b/reactos/include/psdk/winnt.h 
@@ -529,19 +529,39 @@ typedef DWORD FLONG; #define SECURITY_LOGON_IDS_RID_COUNT 0x3 #define SID_REVISION 1 -#define DOMAIN_USER_RID_ADMIN 0x1F4L -#define DOMAIN_USER_RID_GUEST 0x1F5L -#define DOMAIN_GROUP_RID_ADMINS 0x200L -#define DOMAIN_GROUP_RID_USERS 0x201L -#define DOMAIN_ALIAS_RID_ADMINS 0x220L -#define DOMAIN_ALIAS_RID_USERS 0x221L -#define DOMAIN_ALIAS_RID_GUESTS 0x222L -#define DOMAIN_ALIAS_RID_POWER_USERS 0x223L -#define DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x224L -#define DOMAIN_ALIAS_RID_SYSTEM_OPS 0x225L -#define DOMAIN_ALIAS_RID_PRINT_OPS 0x226L -#define DOMAIN_ALIAS_RID_BACKUP_OPS 0x227L -#define DOMAIN_ALIAS_RID_REPLICATOR 0x228L + +#define FOREST_USER_RID_MAX 0x000001F3L +#define DOMAIN_USER_RID_ADMIN 0x000001F4L +#define DOMAIN_USER_RID_GUEST 0x000001F5L +#define DOMAIN_USER_RID_KRBTGT 0x000001F6L +#define DOMAIN_USER_RID_MAX 0x000003E7L + +#define DOMAIN_GROUP_RID_ADMINS 0x00000200L +#define DOMAIN_GROUP_RID_USERS 0x00000201L +#define DOMAIN_GROUP_RID_GUESTS 0x00000202L + +#define DOMAIN_ALIAS_RID_ADMINS 0x00000220L +#define DOMAIN_ALIAS_RID_USERS 0x00000221L +#define DOMAIN_ALIAS_RID_GUESTS 0x00000222L +#define DOMAIN_ALIAS_RID_POWER_USERS 0x00000223L + +#define DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x00000224L +#define DOMAIN_ALIAS_RID_SYSTEM_OPS 0x00000225L +#define DOMAIN_ALIAS_RID_PRINT_OPS 0x00000226L +#define DOMAIN_ALIAS_RID_BACKUP_OPS 0x00000227L + +#define DOMAIN_ALIAS_RID_REPLICATOR 0x00000228L +#define DOMAIN_ALIAS_RID_RAS_SERVERS 0x00000229L +#define DOMAIN_ALIAS_RID_PREW2KCOMPACCESS 0x0000022AL +#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS 0x0000022BL +#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS 0x0000022CL +#define DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS 0x0000022DL + +#define DOMAIN_ALIAS_RID_MONITORING_USERS 0x0000022EL +#define DOMAIN_ALIAS_RID_LOGGING_USERS 0x0000022FL +#define DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS 0x00000230L +#define DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS 0x00000231L +#define DOMAIN_ALIAS_RID_DCOM_USERS 
0x00000232L typedef enum {