From 2638965d681a4b3cf71d2e67ea15d8d456de50e0 Mon Sep 17 00:00:00 2001
From: Julia Bremer <bremer@univention.de>
Date: Mon, 20 Jan 2020 17:55:46 +0100
Subject: [PATCH 1/1] Add ID authenticators to default_domain_mapping to
 prevent windows explorer crashes

---
 libcli/security/util_sid.c | 135 +++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)

diff --git libcli/security/util_sid.c libcli/security/util_sid.c
index e47ed04c30f..2ada5b516f8 100644
--- libcli/security/util_sid.c
+++ libcli/security/util_sid.c
@@ -685,6 +685,22 @@ static const struct predefined_name_mapping predefined_names_S_1_7[] = {
 	},
 };
 
+/*
+ * S-1-15
+ */
+static const struct predefined_name_mapping predefined_names_S_1_15[] = {
+	{
+		.name = "Security App Package Authority",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID0(15), /* S-1-15 */
+	},
+	{
+		.name = "All App Packages",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID2(15, 2, 1), /* S-1-15-2-1 */
+	},
+};
+
 /*
  * S-1-16
  */
@@ -726,6 +742,89 @@ static const struct predefined_name_mapping predefined_names_S_1_16[] = {
 	},
 };
 
+/*
+ * S-1-17
+ */
+static const struct predefined_name_mapping predefined_names_S_1_17[] = {
+	{
+		.name = "Scoped Policy ID",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID0(17), /* S-1-17 */
+	},
+};
+
+/*
+ * S-1-18
+ */
+static const struct predefined_name_mapping predefined_names_S_1_18[] = {
+	{
+		.name = "Security Authentication Authority",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID0(18), /* S-1-18 */
+	},
+	{
+		.name = "Authentication Authority Asserted Identity",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID1(18, 1), /* S-1-18-1 */
+	},
+	{
+		.name = "Service Asserted Identity",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID1(18, 2), /* S-1-18-2 */
+	},
+	{
+		.name = "Fresh Public Key Identity",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID1(18, 3), /* S-1-18-3 */
+	},
+	{
+		.name = "Key Trust Identity",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID1(18, 4), /* S-1-18-4 */
+	},
+	{
+		.name = "Key Property MFA",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID1(18, 5), /* S-1-18-5 */
+	},
+	{
+		.name = "Key Property Attestation",
+		.type = SID_NAME_WKN_GRP,
+		.sid = _SID1(18, 6), /* S-1-18-6 */
+	},
+};
+
+/*
+ * S-1-22
+ */
+static const struct predefined_name_mapping predefined_names_S_1_22[] = {
+	{
+		.name = "Unix",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID0(22), /* S-1-22 */
+	},
+};
+/*
+ * S-1-22-1
+ */
+static const struct predefined_name_mapping predefined_names_S_1_22_1[] = {
+	{
+		.name = "Unix User",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID1(22, 1), /* S-1-22-1 */
+	},
+};
+/*
+ * S-1-22-2
+ */
+static const struct predefined_name_mapping predefined_names_S_1_22_2[] = {
+	{
+		.name = "Unix Group",
+		.type = SID_NAME_DOMAIN,
+		.sid = _SID1(22, 2), /* S-1-22-2 */
+	},
+};
+
 static const struct predefined_domain_mapping predefined_domains[] = {
 	{
 		.domain = "",
@@ -801,12 +900,48 @@ static const struct predefined_domain_mapping predefined_domains[] = {
 		.num_names = ARRAY_SIZE(predefined_names_S_1_7),
 		.names = predefined_names_S_1_7,
 	},
+	{
+		.domain = "Security App Package Authority",
+		.sid = _SID0(15), /* S-1-15 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_15),
+		.names = predefined_names_S_1_15,
+	},
 	{
 		.domain = "Mandatory Label",
 		.sid = _SID0(16), /* S-1-16 */
 		.num_names = ARRAY_SIZE(predefined_names_S_1_16),
 		.names = predefined_names_S_1_16,
 	},
+	{
+		.domain = "Scoped Policy ID",
+		.sid = _SID0(17), /* S-1-17 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_17),
+		.names = predefined_names_S_1_17,
+	},
+	{
+		.domain = "Security Authentication Authority",
+		.sid = _SID0(18), /* S-1-18 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_18),
+		.names = predefined_names_S_1_18,
+	},
+	{
+		.domain = "Unix",
+		.sid = _SID0(22), /* S-1-22 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_22),
+		.names = predefined_names_S_1_22,
+	},
+	{
+		.domain = "Unix User",
+		.sid = _SID1(22, 1), /* S-1-22-1 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_22_1),
+		.names = predefined_names_S_1_22_1,
+	},
+	{
+		.domain = "Unix Group",
+		.sid = _SID1(22, 2), /* S-1-22-2 */
+		.num_names = ARRAY_SIZE(predefined_names_S_1_22_2),
+		.names = predefined_names_S_1_22_2,
+	},
 };
 
 NTSTATUS dom_sid_lookup_predefined_name(const char *name,
-- 
2.17.1