From 16e836767383d3b657f22a5bab21fff5fc27fd78 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 12 Aug 2020 17:08:14 +0200
Subject: [PATCH] WIP: libcli/security: let dom_sid_lookup_predefined_sid()
 behave like Windows

Windows (172.31.9.133) returns the following:

 #> rpcclient 172.31.9.133 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3'
 S-1-22-1 *unknown*\*unknown* (8)
 S-1-22-1-0 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID
 S-1-3-0 \CREATOR OWNER (5)
 S-1-3-99 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID

While the current Samba (172.31.9.163) returns the following:

 #> rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3'
 result was NT_STATUS_INVALID_SID
 result was NT_STATUS_INVALID_SID
 S-1-3-0 \CREATOR OWNER (5)
 S-1-3-99 *unknown*\*unknown* (8)
 S-1-3 *unknown*\*unknown* (8)

With this change also return the same as Windows:

 #> rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3'
 S-1-22-1 *unknown*\*unknown* (8)
 S-1-22-1-0 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID
 S-1-3-0 \CREATOR OWNER (5)
 S-1-3-99 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213
---
 libcli/security/util_sid.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index e47ed04c30f8..415cc9634c70 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -919,7 +919,6 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
 				       const char **authority_name)
 {
 	size_t di;
-	bool match_domain = false;
 
 	*name = NULL;
 	*type = SID_NAME_UNKNOWN;
@@ -941,8 +940,6 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
 			continue;
 		}
 
-		match_domain = true;
-
 		for (ni = 0; ni < d->num_names; ni++) {
 			const struct predefined_name_mapping *n =
 				&d->names[ni];
@@ -960,7 +957,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
 		}
 	}
 
-	if (!match_domain) {
+	if (sid->num_auths == 0) {
 		return NT_STATUS_INVALID_SID;
 	}
 
-- 
2.17.1