The Samba-Bugzilla – Attachment 17991 Details for
Bug 14213
Windows Explorer crashes on S-1-22-* Unix-SIDs when accessing security tab
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
My current wip patch to match Windows Server 2022
bfixes-tmp.diff.txt (text/plain), 5.69 KB, created by
Stefan Metzmacher
on 2023-07-20 19:56:10 UTC
(
hide
)
Description:
My current wip patch to match Windows Server 2022
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2023-07-20 19:56:10 UTC
Size:
5.69 KB
patch
obsolete
>From ead54d5a6c4a505f7e5c6634793562ce840f177c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Wed, 12 Aug 2020 17:08:14 +0200 >Subject: [PATCH 1/3] libcli/security: let dom_sid_lookup_predefined_sid() > behave like Windows 2008R2 > >Windows (172.31.9.133) returns the following: > > #> rpcclient 172.31.9.133 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3' > S-1-22-1 *unknown*\*unknown* (8) > S-1-22-1-0 *unknown*\*unknown* (8) > result was NT_STATUS_INVALID_SID > S-1-3-0 \CREATOR OWNER (5) > S-1-3-99 *unknown*\*unknown* (8) > result was NT_STATUS_INVALID_SID > >While the current Samba (172.31.9.163) returns the following: > > #> rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3' > result was NT_STATUS_INVALID_SID > result was NT_STATUS_INVALID_SID > S-1-3-0 \CREATOR OWNER (5) > S-1-3-99 *unknown*\*unknown* (8) > S-1-3 *unknown*\*unknown* (8) > >With this change also return the same as Windows: > > #> rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3' > S-1-22-1 *unknown*\*unknown* (8) > S-1-22-1-0 *unknown*\*unknown* (8) > result was NT_STATUS_INVALID_SID > S-1-3-0 \CREATOR OWNER (5) > S-1-3-99 *unknown*\*unknown* (8) > result was NT_STATUS_INVALID_SID > >This is a minimal fix in order to avoid crashes in the Windows Explorer. >The real fix needs more work and additional tests, as the behavior seems >to be different in newer Windows releases. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >--- > libcli/security/util_sid.c | 5 +---- > 1 file changed, 1 insertion(+), 4 deletions(-) > >diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c >index 6ee22284033c..dbc3f52a4ac9 100644 >--- a/libcli/security/util_sid.c >+++ b/libcli/security/util_sid.c >@@ -1002,7 +1002,6 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid, > const char **authority_name) > { > size_t di; >- bool match_domain = false; > > *name = NULL; > *type = SID_NAME_UNKNOWN; >@@ -1024,8 +1023,6 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid, > continue; > } > >- match_domain = true; >- > for (ni = 0; ni < d->num_names; ni++) { > const struct predefined_name_mapping *n = > &d->names[ni]; >@@ -1043,7 +1040,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid, > } > } > >- if (!match_domain) { >+ if (sid->num_auths == 0) { > return NT_STATUS_INVALID_SID; > } > >-- >2.34.1 > > >From 97cf587c3ea19b8c92c6058fb76206391c002683 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 10 Mar 2023 15:05:15 +0100 >Subject: [PATCH 2/3] source4/rpc_server/lsa/lsa_lookup.c behave like Windows > 2008R2 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213 >--- > source4/rpc_server/lsa/lsa_lookup.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > >diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c >index 61cb8a10a238..d8d06bf82164 100644 >--- a/source4/rpc_server/lsa/lsa_lookup.c >+++ b/source4/rpc_server/lsa/lsa_lookup.c >@@ -35,6 +35,7 @@ struct dcesrv_lsa_TranslatedItem { > uint32_t flags; > uint32_t wb_idx; > bool done; >+ bool invalid_sid; > struct { > const char *domain; /* only $DOMAIN\ */ > const char *namespace; /* $NAMESPACE\ or @$NAMESPACE */ >@@ -380,6 +381,10 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_call(struct dcesrv_lsa_LookupSids_bas > status = view->lookup_sid(state, item); > if (NT_STATUS_IS_OK(status)) { > item->done = true; >+ } else if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_SID)) { >+ item->done = true; >+ item->invalid_sid = true; >+ status = NT_STATUS_OK; > } else if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { > status = NT_STATUS_OK; > } else if (NT_STATUS_EQUAL(status, NT_STATUS_SOME_NOT_MAPPED)) { >@@ -438,6 +443,7 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_finish( > struct dcesrv_lsa_LookupSids_base_state *state) > { > struct lsa_LookupSids3 *r = &state->r; >+ uint32_t num_invalid_sid = 0; > uint32_t i; > > for (i=0;i<r->in.sids->num_sids;i++) { >@@ -470,6 +476,16 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_finish( > if (item->type != SID_NAME_UNKNOWN) { > (*r->out.count)++; > } >+ if (item->invalid_sid) { >+ num_invalid_sid++; >+ } >+ } >+ >+ if (num_invalid_sid != 0) { >+ TALLOC_FREE(*r->out.domains); >+ TALLOC_FREE(r->out.names->names); >+ r->out.names->count = 0; >+ return NT_STATUS_INVALID_SID; > } > > if (*r->out.count == 0) { >-- >2.34.1 > > >From e3193fd4d904030107ca78944c725157fc94cce2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 10 Mar 2023 15:05:15 +0100 >Subject: [PATCH 3/3] source4/rpc_server/lsa/lsa_lookup.c behave like Windows > 2022 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213 >--- > source4/rpc_server/lsa/lsa_lookup.c | 13 ++++++------- > 1 file changed, 6 insertions(+), 7 deletions(-) > >diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c >index d8d06bf82164..3c19819c1e7f 100644 >--- a/source4/rpc_server/lsa/lsa_lookup.c >+++ b/source4/rpc_server/lsa/lsa_lookup.c >@@ -481,14 +481,13 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_finish( > } > } > >- if (num_invalid_sid != 0) { >- TALLOC_FREE(*r->out.domains); >- TALLOC_FREE(r->out.names->names); >- r->out.names->count = 0; >- return NT_STATUS_INVALID_SID; >- } >- > if (*r->out.count == 0) { >+ if (num_invalid_sid != 0) { >+ for (i=0;i<r->out.names->count;i++) { >+ r->out.names->names[i].name.string = NULL; >+ } >+ return NT_STATUS_INVALID_SID; >+ } > return NT_STATUS_NONE_MAPPED; > } > if (*r->out.count != r->in.sids->num_sids) { >-- >2.34.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17991">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 14213
:
15669
|
15672
|
15746
|
15747
|
16168
|
16169
|
16170
| 17991