The Samba-Bugzilla – Attachment 11498 Details for Bug 11555: lookup_names() looks up qualified names as unqualified.
[patch] git-am fix for 4.3.next, 4.2.next
bug-11555-4.x (text/plain), 4.67 KB, created by Jeremy Allison on 2015-10-15 21:48:08 UTC
>From 16b56eb2b90373077729b8be8e2a30cb09e868fb Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Thu, 15 Oct 2015 12:35:26 +0200 >Subject: [PATCH 1/2] s3:lib: validate domain name in lookup_wellknown_name() > >If domain argument is not an empty string, only search the matching >wellknown domain name. > >As the only wellknown domain with a name is "NT Authority", passing "" >to lookup_wellknown_name() will search all domains inlcuding "NT >Authority". > >Passing "NT Authority" otoh will obviously only search that domain. > >This change makes lookup_wellknown_name() behave like this: > >in domain | in name | ok | out sid | out domain >======================================================== > Dialup + S-1-5-1 NT Authority >NT Authority Dialup + S-1-5-1 NT Authority >Creator Authority Dialup - - - > Creator Owner + S-1-3-0 "" >Creator Authority Creator Owner - - - >NT Authority Creator Owner - - - > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Uri Simchoni <uri@samba.org> >(cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d) >--- > source3/lib/util_wellknown.c | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > >diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c >index 0f627d1..a3db9ab 100644 >--- a/source3/lib/util_wellknown.c >+++ b/source3/lib/util_wellknown.c 
>@@ -154,16 +154,23 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, > ***************************************************************************/ > > bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, >- struct dom_sid *sid, const char **domain) >+ struct dom_sid *sid, const char **pdomain) > { > int i, j; >+ const char *domain = *pdomain; > >- DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name)); >+ DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name)); > > for (i=0; special_domains[i].sid != NULL; i++) { > const struct rid_name_map *users = > special_domains[i].known_users; > >+ if (domain[0] != '\0') { >+ if (!strequal(domain, special_domains[i].name)) { >+ continue; >+ } >+ } >+ > if (users == NULL) > continue; > >@@ -171,7 +178,7 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name, > if ( strequal(users[j].name, name) ) { > sid_compose(sid, special_domains[i].sid, > users[j].rid); >- *domain = talloc_strdup( >+ *pdomain = talloc_strdup( > mem_ctx, special_domains[i].name); > return True; > } >-- >2.6.0.rc2.230.g3dd15c0 > > >From 73e73d61509e23e88995c5f01f5b940fee268e8a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 15 Oct 2015 09:20:58 -0700 >Subject: [PATCH 2/2] s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ > component) names is incorrect. > >Change so we only use unqualified name lookup logic if >domain component = "" and LOOKUP_NAME_ISOLATED flag is >passed in. > >Remember to search for "NT Authority" *before* going >into unqualified name lookup logic. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Uri Simchoni <uri@samba.org> >(cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1) >--- > source3/passdb/lookup_sid.c | 31 ++++++++++++++++++++++++++++++- > 1 file changed, 30 insertions(+), 1 deletion(-) 
> >diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c >index 3f99ee1..1ffd657 100644 >--- a/source3/passdb/lookup_sid.c >+++ b/source3/passdb/lookup_sid.c >@@ -140,7 +140,31 @@ bool lookup_name(TALLOC_CTX *mem_ctx, > return false; > } > >- if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) { >+ /* >+ * Finally check for a well known domain name ("NT Authority"), >+ * this is taken care if in lookup_wellknown_name(). >+ */ >+ if ((domain[0] != '\0') && >+ (flags & LOOKUP_NAME_WKN) && >+ lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) >+ { >+ type = SID_NAME_WKN_GRP; >+ goto ok; >+ } >+ >+ /* >+ * If we're told not to look up 'isolated' names then we're >+ * done. >+ */ >+ if (!(flags & LOOKUP_NAME_ISOLATED)) { >+ TALLOC_FREE(tmp_ctx); >+ return false; >+ } >+ >+ /* >+ * No domain names beyond this point >+ */ >+ if (domain[0] != '\0') { > TALLOC_FREE(tmp_ctx); > return false; > } >@@ -152,6 +176,11 @@ bool lookup_name(TALLOC_CTX *mem_ctx, > > /* 1. well-known names */ > >+ /* >+ * Check for well known names without a domain name. >+ * e.g. \Creator Owner. >+ */ >+ > if ((flags & LOOKUP_NAME_WKN) && > lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) > { >-- >2.6.0.rc2.230.g3dd15c0 >
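Review bot: In source3/lib/util_wellknown.c, hunk @@ -154,16 +154,23 @@, the new line `const char *domain = *pdomain;` makes the last argument an in/out parameter and `domain[0]` is then read unconditionally, but nothing in the hunk documents that callers must now pass a non-NULL, initialised string. Suggest stating the contract in the function's header comment (an empty string searches all well-known domains, as the commit message describes) and treating a NULL `*pdomain` as "" or rejecting it. The DEBUG text also still names `map_name_to_wellknown_sid` rather than `lookup_wellknown_name`, and with an empty domain it will log a bare leading backslash before the name.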
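Review bot: In source3/lib/util_wellknown.c, hunk @@ -171,7 +178,7 @@, the result of `talloc_strdup()` stored into `*pdomain` is not checked before `return True;`, so on allocation failure the caller is told the lookup succeeded while holding a NULL domain. Because `*pdomain` is now also the caller's input, the unchecked overwrite discards that value as well. Suggest duplicating into a local first, returning false if it is NULL, and only then assigning to `*pdomain`.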
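Review bot: In source3/passdb/lookup_sid.c, hunk @@ -140,7 +140,31 @@, the qualified-name branch calls `lookup_wellknown_name()` for any non-empty `domain` and relies entirely on that function filtering by domain, which is only true once patch 1/2 is applied; the comment should say so, since without the filter "Creator Authority\Dialup" would match here. The comment itself has a typo ("taken care if in" should be "taken care of in") and opens with "Finally" although two more checks follow. The two early returns after it (`!(flags & LOOKUP_NAME_ISOLATED)` and `domain[0] != '\0'`) have identical bodies and could be one condition joined with `||`, keeping both comments.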
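Review bot: In source3/passdb/lookup_sid.c, hunk @@ -152,6 +176,11 @@, the added comment says "well known names without a domain name", which describes the input at this point (domain is guaranteed to be "" by the check added earlier in this patch) but reads as if only domain-less SIDs such as Creator Owner can match. Per the table in patch 1/2, an unqualified "Dialup" also resolves here, to NT Authority. Suggest wording it as "unqualified name: search all well-known domains", dropping the blank line between the comment and the `if` it describes, and folding it into the existing `/* 1. well-known names */` comment directly above.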
Flags: slow: review+