Attachment 11498 Details for Bug 11555 – git-am fix for 4.3.next, 4.2.next

[patch] git-am fix for 4.3.next, 4.2.next

bug-11555-4.x (text/plain), 4.67 KB, created by Jeremy Allison on 2015-10-15 21:48:08 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2015-10-15 21:48:08 UTC

Size: 4.67 KB

patch

obsolete

>From 16b56eb2b90373077729b8be8e2a30cb09e868fb Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Thu, 15 Oct 2015 12:35:26 +0200
>Subject: [PATCH 1/2] s3:lib: validate domain name in lookup_wellknown_name()
>
>If domain argument is not an empty string, only search the matching
>wellknown domain name.
>
>As the only wellknown domain with a name is "NT Authority", passing ""
>to lookup_wellknown_name() will search all domains inlcuding "NT
>Authority".
>
>Passing "NT Authority" otoh will obviously only search that domain.
>
>This change makes lookup_wellknown_name() behave like this:
>
>in domain         | in name       | ok | out sid | out domain
>========================================================
>                    Dialup          +    S-1-5-1   NT Authority
>NT Authority        Dialup          +    S-1-5-1   NT Authority
>Creator Authority   Dialup          -    -         -
>                    Creator Owner   +    S-1-3-0   ""
>Creator Authority   Creator Owner   -    -         -
>NT Authority        Creator Owner   -    -         -
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555
>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Uri Simchoni <uri@samba.org>
>(cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d)
>---
> source3/lib/util_wellknown.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
>diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c
>index 0f627d1..a3db9ab 100644
>--- a/source3/lib/util_wellknown.c
>+++ b/source3/lib/util_wellknown.c
>@@ -154,16 +154,23 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
> ***************************************************************************/
> 
> bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
>-			   struct dom_sid *sid, const char **domain)
>+			   struct dom_sid *sid, const char **pdomain)
> {
> 	int i, j;
>+	const char *domain = *pdomain;
> 
>-	DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name));
>+	DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
> 
> 	for (i=0; special_domains[i].sid != NULL; i++) {
> 		const struct rid_name_map *users =
> 			special_domains[i].known_users;
> 
>+		if (domain[0] != '\0') {
>+			if (!strequal(domain, special_domains[i].name)) {
>+				continue;
>+			}
>+		}
>+
> 		if (users == NULL)
> 			continue;
> 
>@@ -171,7 +178,7 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
> 			if ( strequal(users[j].name, name) ) {
> 				sid_compose(sid, special_domains[i].sid,
> 					    users[j].rid);
>-				*domain = talloc_strdup(
>+				*pdomain = talloc_strdup(
> 					mem_ctx, special_domains[i].name);
> 				return True;
> 			}
>-- 
>2.6.0.rc2.230.g3dd15c0
>
>
>From 73e73d61509e23e88995c5f01f5b940fee268e8a Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Thu, 15 Oct 2015 09:20:58 -0700
>Subject: [PATCH 2/2] s3: lsa: lookup_name() logic for unqualified (no DOMAIN\
> component) names is incorrect.
>
>Change so we only use unqualified name lookup logic if
>domain component = "" and LOOKUP_NAME_ISOLATED flag is
>passed in.
>
>Remember to search for "NT Authority" *before* going
>into unqualified name lookup logic.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Uri Simchoni <uri@samba.org>
>(cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1)
>---
> source3/passdb/lookup_sid.c | 31 ++++++++++++++++++++++++++++++-
> 1 file changed, 30 insertions(+), 1 deletion(-)
>
>diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
>index 3f99ee1..1ffd657 100644
>--- a/source3/passdb/lookup_sid.c
>+++ b/source3/passdb/lookup_sid.c
>@@ -140,7 +140,31 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
> 		return false;
> 	}
> 
>-	if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) {
>+	/*
>+	 * Finally check for a well known domain name ("NT Authority"),
>+	 * this is taken care if in lookup_wellknown_name().
>+	 */
>+	if ((domain[0] != '\0') &&
>+	    (flags & LOOKUP_NAME_WKN) &&
>+	    lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
>+	{
>+		type = SID_NAME_WKN_GRP;
>+		goto ok;
>+	}
>+
>+	/*
>+	 * If we're told not to look up 'isolated' names then we're
>+	 * done.
>+	 */
>+	if (!(flags & LOOKUP_NAME_ISOLATED)) {
>+		TALLOC_FREE(tmp_ctx);
>+		return false;
>+	}
>+
>+	/*
>+	 * No domain names beyond this point
>+	 */
>+	if (domain[0] != '\0') {
> 		TALLOC_FREE(tmp_ctx);
> 		return false;
> 	}
>@@ -152,6 +176,11 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
> 
> 	/* 1. well-known names */
> 
>+	/*
>+	 * Check for well known names without a domain name.
>+	 * e.g. \Creator Owner.
>+	 */
>+
> 	if ((flags & LOOKUP_NAME_WKN) &&
> 	    lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
> 	{
>-- 
>2.6.0.rc2.230.g3dd15c0
>

Flags:

slow: review+

Actions: View

Attachments on bug 11555: 11490 | 11493 | 11497 | 11498