From 3a771b60668f891e61e440321bfa12994eb1cf52 Mon Sep 17 00:00:00 2001 From: Hans Leidekker Date: Wed, 26 Aug 2015 08:44:45 +0200 Subject: [PATCH] advapi32: Add well-known SID WinBuiltinAnyPackageSid. --- dlls/advapi32/security.c | 6 +++++- dlls/advapi32/tests/security.c | 17 ++++++++--------- include/winnt.h | 12 ++++++++++++ 3 files changed, 25 insertions(+), 10 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index a40e63976f0..e8f64d5219d 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -133,6 +133,7 @@ static const WELLKNOWNSID WellKnownSids[] = { {'M','E'}, WinMediumLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_MEDIUM_RID } } }, { {'H','I'}, WinHighLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_HIGH_RID } } }, { {'S','I'}, WinSystemLabelSid, { SID_REVISION, 1, { SECURITY_MANDATORY_LABEL_AUTHORITY}, { SECURITY_MANDATORY_SYSTEM_RID } } }, + { {0,0}, WinBuiltinAnyPackageSid, { SID_REVISION, 2, { SECURITY_APP_PACKAGE_AUTHORITY }, { SECURITY_APP_PACKAGE_BASE_RID, SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE } } }, }; /* these SIDs must be constructed as relative to some domain - only the RID is well-known */ @@ -173,7 +174,9 @@ typedef struct _AccountSid { static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 }; static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 }; static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 }; +static const WCHAR ALL_APPLICATION_PACKAGES[] = { 'A','L','L',' ','A','P','P','L','I','C','A','T','I','O','N',' ','P','A','C','K','A','G','E','S',0 }; static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 }; +static const WCHAR APPLICATION_PACKAGE_AUTHORITY[] = { 'A','P','P','L','I','C','A','T','I','O','N',' ','P','A','C','K','A','G','E',' ','A','U','T','H','O','R','I','T','Y',0 }; static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 }; static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 }; static const WCHAR BATCH[] = { 'B','A','T','C','H',0 }; @@ -277,6 +280,7 @@ static const AccountSid ACCOUNT_SIDS[] = { { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup }, { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias }, { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias }, + { WinBuiltinAnyPackageSid, ALL_APPLICATION_PACKAGES, APPLICATION_PACKAGE_AUTHORITY, SidTypeWellKnownGroup }, }; /* * ACE access rights @@ -2208,7 +2212,7 @@ LookupAccountSidW( } /* check the well known SIDs first */ - for (i = 0; i <= 60; i++) { + for (i = 0; i <= WinAccountProtectedUsersSid; i++) { if (IsWellKnownSid(sid, i)) { for (j = 0; j < (sizeof(ACCOUNT_SIDS) / sizeof(ACCOUNT_SIDS[0])); j++) { if (ACCOUNT_SIDS[j].type == i) { diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 5d52fab78ff..46db49c5c0d 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -1731,7 +1731,9 @@ static const struct well_known_sid_value /* 69 */ {TRUE, "S-1-16-16384"}, {TRUE, "S-1-5-33"}, {TRUE, "S-1-3-4"}, /* 72 */ {FALSE, "S-1-5-21-12-23-34-45-56-571"}, {FALSE, "S-1-5-21-12-23-34-45-56-572"}, /* 74 */ {TRUE, "S-1-5-22"}, {FALSE, "S-1-5-21-12-23-34-45-56-521"}, {TRUE, "S-1-5-32-573"}, -/* 77 */ {FALSE, "S-1-5-21-12-23-34-45-56-498"}, {TRUE, "S-1-5-32-574"}, {TRUE, "S-1-16-8448"} +/* 77 */ {FALSE, "S-1-5-21-12-23-34-45-56-498"}, {TRUE, "S-1-5-32-574"}, {TRUE, "S-1-16-8448"}, +/* 80 */ {FALSE, NULL}, {TRUE, "S-1-2-1"}, {TRUE, "S-1-5-65-1"}, {FALSE, NULL}, +/* 84 */ {TRUE, "S-1-15-2-1"}, }; static void test_CreateWellKnownSid(void) @@ -1780,15 +1782,12 @@ static void test_CreateWellKnownSid(void) if (value->sid_string == NULL) continue; - if (i > WinAccountRasAndIasServersSid) + /* some SIDs aren't implemented by all Windows versions - detect it */ + cb = sizeof(sid_buffer); + if (!pCreateWellKnownSid(i, NULL, sid_buffer, &cb)) { - /* These SIDs aren't implemented by all Windows versions - detect it and break the loop */ - cb = sizeof(sid_buffer); - if (!pCreateWellKnownSid(i, domainsid, sid_buffer, &cb)) - { - skip("Well known SIDs starting from %u are not implemented\n", i); - break; - } + skip("Well known SID %u not implemented\n", i); + continue; } cb = sizeof(sid_buffer); diff --git a/include/winnt.h b/include/winnt.h index 93e216fc50a..ded01f617f7 100644 --- a/include/winnt.h +++ b/include/winnt.h @@ -4181,6 +4181,18 @@ typedef struct _SID_AND_ATTRIBUTES { #define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS __MSABI_LONG(0x00000207) #define DOMAIN_GROUP_RID_POLICY_ADMINS __MSABI_LONG(0x00000208) +#define SECURITY_APP_PACKAGE_AUTHORITY {0,0,0,0,0,15} +#define SECURITY_APP_PACKAGE_BASE_RID __MSABI_LONG(0x000000002) +#define SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT __MSABI_LONG(0x000000002) +#define SECURITY_APP_PACKAGE_RID_COUNT __MSABI_LONG(0x000000008) +#define SECURITY_CAPABILITY_BASE_RID __MSABI_LONG(0x000000003) +#define SECURITY_CAPABILITY_APP_RID __MSABI_LONG(0x000000400) +#define SECURITY_BUILTIN_CAPABILITY_RID_COUNT __MSABI_LONG(0x000000002) +#define SECURITY_CAPABILITY_RID_COUNT __MSABI_LONG(0x000000005) +#define SECURITY_PARENT_PACKAGE_RID_COUNT SECURITY_APP_PACKAGE_RID_COUNT +#define SECURITY_CHILD_PACKAGE_RID_COUNT __MSABI_LONG(0x00000000c) +#define SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE __MSABI_LONG(0x000000001) + #define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16} #define SECURITY_MANDATORY_UNTRUSTED_RID __MSABI_LONG(0x00000000) #define SECURITY_MANDATORY_LOW_RID __MSABI_LONG(0x00001000)