The Samba-Bugzilla – Attachment 10082 Details for
Bug 10698
backport drs-crackname fixes from master
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-1-test
tmp41.diff (text/plain), 6.15 KB, created by
Stefan Metzmacher
on 2014-07-08 12:29:46 UTC
(
hide
)
Description:
Patches for v4-1-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2014-07-08 12:29:46 UTC
Size:
6.15 KB
patch
obsolete
>From 9107eb877369752d61f1a77197ba015f0c141d86 Mon Sep 17 00:00:00 2001 >From: Matthieu Patou <mat@matws.net> >Date: Sat, 29 Jun 2013 16:02:32 -0700 >Subject: [PATCH 1/4] drs-crackname: Fix cracknames for the format UNKNOWN when > the data is actually a GUID > >The cannonical crackname expect a "/" or it returns >DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR, when doing UNKNOWN format it's not >an error to not have a "/" in the name to crack it's just a sign the >name is not a cannonical one. > >Signed-off-by: Matthieu Patou <mat@matws.net> >Reviewed-by: Andrew Bartlett <abarlett@samba.org> >(cherry picked from commit aa17a2c01dbab2e522a8ccccaed7943963bab5b9) >--- > source4/dsdb/samdb/cracknames.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c >index 0c4cdfc..388b6c7 100644 >--- a/source4/dsdb/samdb/cracknames.c >+++ b/source4/dsdb/samdb/cracknames.c >@@ -488,7 +488,10 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, > if (!W_ERROR_IS_OK(werr)) { > return werr; > } >- if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { >+ if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND && >+ (formats[i] != DRSUAPI_DS_NAME_FORMAT_CANONICAL || >+ info1->status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR)) >+ { > return werr; > } > } >-- >1.9.1 > > >From 71f1cd303a191e51a9bb292264e995c2cbc2f6bb Mon Sep 17 00:00:00 2001 >From: Matthieu Patou <mat@matws.net> >Date: Sun, 30 Jun 2013 02:03:02 -0700 >Subject: [PATCH 2/4] drs-cracknames: When cracking NT4 names we should just > look at netbios for the match > >Looking at dnsRoot will yield a result for domain.tld\username when it >shouldn't work. > >Signed-off-by: Matthieu Patou <mat@matws.net> >Reviewed-by: Andrew Bartlett <abarlett@samba.org> >(cherry picked from commit 552b4f3e022dca594e1dada7979fe351eee8cf9b) >--- > source4/dsdb/samdb/cracknames.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > >diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c >index 388b6c7..628546e 100644 >--- a/source4/dsdb/samdb/cracknames.c >+++ b/source4/dsdb/samdb/cracknames.c >@@ -577,8 +577,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, > } > > domain_filter = talloc_asprintf(mem_ctx, >- "(&(objectClass=crossRef)(|(dnsRoot=%s)(netbiosName=%s))(systemFlags:%s:=%u))", >- ldb_binary_encode_string(mem_ctx, domain), >+ "(&(objectClass=crossRef)(netbiosName=%s)(systemFlags:%s:=%u))", > ldb_binary_encode_string(mem_ctx, domain), > LDB_OID_COMPARATOR_AND, > SYSTEM_FLAG_CR_NTDS_DOMAIN); >-- >1.9.1 > > >From a9ae248b40eb1ad59fdd2dbca74f6426a99565db Mon Sep 17 00:00:00 2001 >From: Matthieu Patou <mat@matws.net> >Date: Sun, 30 Jun 2013 02:04:20 -0700 >Subject: [PATCH 3/4] drs-crackname: Fix error code so that we have the same as > windows > >Signed-off-by: Matthieu Patou <mat@matws.net> >Reviewed-by: Andrew Bartlett <abarlett@samba.org> >(cherry picked from commit 029e80da9d1ab5096cd0981110b588245f8fd50d) >--- > source4/dsdb/samdb/cracknames.c | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c >index 628546e..caafd2f 100644 >--- a/source4/dsdb/samdb/cracknames.c >+++ b/source4/dsdb/samdb/cracknames.c >@@ -934,6 +934,7 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ > struct ldb_result *res; > uint32_t dsdb_flags = 0; > struct ldb_dn *real_search_dn; >+ info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; > > if (domain_res) { > if (!search_dn) { >-- >1.9.1 > > >From 63f1bd95b4a34f84afcf06a34430bb5c57e00bbd Mon Sep 17 00:00:00 2001 >From: Matthieu Patou <mat@matws.net> >Date: Sun, 30 Jun 2013 20:44:22 -0700 >Subject: [PATCH 4/4] drs-cracksname: fix problems that prevented to pass our > torture tests > >Some of the problems where also reported by Microsoft testing tools > >Signed-off-by: Matthieu Patou <mat@matws.net> >Reviewed-by: Andrew Bartlett <abarlett@samba.org> >(cherry picked from commit 7fe4630bad232c09e29739beedda2e2fb63747ed) >--- > source4/dsdb/samdb/cracknames.c | 27 +++++++++++++++++++++------ > 1 file changed, 21 insertions(+), 6 deletions(-) > >diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c >index caafd2f..d09da25 100644 >--- a/source4/dsdb/samdb/cracknames.c >+++ b/source4/dsdb/samdb/cracknames.c >@@ -468,7 +468,9 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, > /* TODO: - fill the correct names in all cases! > * - handle format_flags > */ >- >+ if (format_desired == DRSUAPI_DS_NAME_FORMAT_UNKNOWN) { >+ return WERR_OK; >+ } > /* here we need to set the domain_filter and/or the result_filter */ > switch (format_offered) { > case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: >@@ -933,10 +935,25 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ > int ret; > struct ldb_result *res; > uint32_t dsdb_flags = 0; >- struct ldb_dn *real_search_dn; >+ struct ldb_dn *real_search_dn = NULL; > info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; > >- if (domain_res) { >+ /* >+ * From 4.1.4.2.11 of MS-DRSR >+ * if DS_NAME_FLAG_GCVERIFY in flags then >+ * rt := select all O from all >+ * where attrValue in GetAttrVals(O, att, false) >+ * else >+ * rt := select all O from subtree DefaultNC() >+ * where attrValue in GetAttrVals(O, att, false) >+ * endif >+ * return rt >+ */ >+ if (format_flags & DRSUAPI_DS_NAME_FLAG_GCVERIFY || >+ format_offered == DRSUAPI_DS_NAME_FORMAT_GUID) >+ { >+ dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS; >+ } else if (domain_res) { > if (!search_dn) { > struct ldb_dn *tmp_dn = samdb_result_dn(sam_ctx, mem_ctx, domain_res->msgs[0], "ncName", NULL); > real_search_dn = tmp_dn; >@@ -944,13 +961,11 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ > real_search_dn = search_dn; > } > } else { >- dsdb_flags = DSDB_SEARCH_SEARCH_ALL_PARTITIONS; >- real_search_dn = NULL; >+ real_search_dn = ldb_get_default_basedn(sam_ctx); > } > if (format_desired == DRSUAPI_DS_NAME_FORMAT_GUID){ > dsdb_flags |= DSDB_SEARCH_SHOW_RECYCLED; > } >- > /* search with the 'phantom root' flag */ > ret = dsdb_search(sam_ctx, mem_ctx, &res, > real_search_dn, >-- >1.9.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10082">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
abartlet
:
review+
metze
:
review?
(
mat
)
Actions:
View
Attachments on
bug 10698
: 10082