From 1d4a0a6e3077ac35da52f99bede74b59459cff8f Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Tue, 13 Jun 2017 10:10:57 +0000
Subject: [PATCH] [NTMARTA] - Add support for CURRENT_USER trustee in AccpGetTrusteeSid. Fixes crash in advapi32_winetest:security CORE-13420 #resolve svn path=/trunk/; revision=75019
---
 reactos/dll/win32/ntmarta/ntmarta.c | 60 ++++++++++++++++++++++++++++-
 1 file changed, 59 insertions(+), 1 deletion(-)
diff --git a/reactos/dll/win32/ntmarta/ntmarta.c b/reactos/dll/win32/ntmarta/ntmarta.c
index 2fb069b5122..7eea9a8302a 100644
--- a/reactos/dll/win32/ntmarta/ntmarta.c
+++ b/reactos/dll/win32/ntmarta/ntmarta.c
@@ -443,6 +443,51 @@ AccpGetTrusteeName(IN PTRUSTEE_W Trustee)
 }
 }
+static DWORD
+AccpLookupCurrentUser(OUT PSID *ppSid)
+{
+ DWORD Ret;
+ CHAR Buffer[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
+ DWORD Length;
+ HANDLE Token;
+ PSID pSid;
+
+ *ppSid = NULL;
+ if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &Token))
+ {
+ Ret = GetLastError();
+ if (Ret != ERROR_NO_TOKEN)
+ {
+ return Ret;
+ }
+
+ if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &Token))
+ {
+ return GetLastError();
+ }
+ }
+
+ Length = sizeof(Buffer);
+ if (!GetTokenInformation(Token, TokenUser, Buffer, Length, &Length))
+ {
+ Ret = GetLastError();
+ CloseHandle(Token);
+ return Ret;
+ }
+ CloseHandle(Token);
+
+ pSid = ((PTOKEN_USER)Buffer)->User.Sid;
+ Length = GetLengthSid(pSid);
+ *ppSid = LocalAlloc(LMEM_FIXED, Length);
+ if (!*ppSid)
+ {
+ return ERROR_NOT_ENOUGH_MEMORY;
+ }
+ CopyMemory(*ppSid, pSid, Length);
+
+ return ERROR_SUCCESS;
+}
+
 static DWORD
 AccpLookupSidByName(IN LSA_HANDLE PolicyHandle,
 IN LPWSTR Name,
@@ -509,6 +554,7 @@ AccpGetTrusteeSid(IN PTRUSTEE_W Trustee,
 OUT BOOL *Allocated)
 {
 DWORD Ret = ERROR_SUCCESS;
+ LPWSTR TrusteeName;
 *ppSid = NULL;
 *Allocated = FALSE;
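Review bot: AccpLookupCurrentUser opens both the thread and the process token with TOKEN_READ, although the only call made on the handle is GetTokenInformation(TokenUser), which needs just TOKEN_QUERY. TOKEN_READ additionally requests READ_CONTROL, so the lookup can be denied on a token whose DACL grants query but not read-control; I would ask for the minimum with `OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &Token)` and `OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &Token)`. Separately, `Buffer` is declared as a plain CHAR array and then read through a PTOKEN_USER cast, so nothing in the declaration guarantees the alignment TOKEN_USER needs; wrapping it in a union with a TOKEN_USER member would make that explicit. A short comment on the buffer size explaining that it covers a TOKEN_USER plus a SID with SID_MAX_SUB_AUTHORITIES sub-authorities would also help the next reader.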
@@ -535,6 +581,18 @@ AccpGetTrusteeSid(IN PTRUSTEE_W Trustee,
 /* fall through */
 case TRUSTEE_IS_NAME:
+ TrusteeName = AccpGetTrusteeName(Trustee);
+ if (!wcscmp(TrusteeName, L"CURRENT_USER"))
+ {
+ Ret = AccpLookupCurrentUser(ppSid);
+ if (Ret == ERROR_SUCCESS)
+ {
+ ASSERT(*ppSid != NULL);
+ *Allocated = TRUE;
+ }
+ break;
+ }
+
 if (*pPolicyHandle == NULL)
 {
 Ret = AccpOpenLSAPolicyHandle(NULL, /* FIXME - always local? */
@@ -547,7 +605,7 @@ AccpGetTrusteeSid(IN PTRUSTEE_W Trustee,
 }
 Ret = AccpLookupSidByName(*pPolicyHandle,
- AccpGetTrusteeName(Trustee),
+ TrusteeName,
 ppSid);
 if (Ret == ERROR_SUCCESS)
 {
--
2.17.1
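Review bot: In the TRUSTEE_IS_NAME case the new `wcscmp(TrusteeName, L"CURRENT_USER")` dereferences the trustee name before anything has checked it, and that pointer originates in the caller-supplied TRUSTEE structure. AccpGetTrusteeName's body is not visible here, so this is inferred, but if it can return NULL (a trustee whose name pointer was never set) the comparison faults, where the old code only passed the pointer on to AccpLookupSidByName. Guarding the comparison keeps the previous behaviour for that input: `if (TrusteeName != NULL && !wcscmp(TrusteeName, L"CURRENT_USER"))`. A one-line comment at `*Allocated = TRUE;` noting that the SID comes from LocalAlloc in AccpLookupCurrentUser, and so presumably must be released by whoever honours the Allocated flag, would document the ownership. AccpGetTrusteeSid starts and ends outside this hunk.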