The Samba-Bugzilla – Attachment 3045 Details for
Bug 4801
LSA lookup names does not handle lookup level 2 - 6
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to 3.0.28
diff (text/plain), 7.11 KB, created by
Michael Adam
on 2007-12-13 04:06:55 UTC
(
hide
)
Description:
Patch to 3.0.28
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2007-12-13 04:06:55 UTC
Size:
7.11 KB
patch
obsolete
>diff --git a/source/include/smb.h b/source/include/smb.h >index 3f2f223..ed1d049 100644 >--- a/source/include/smb.h >+++ b/source/include/smb.h >@@ -257,12 +257,24 @@ enum lsa_SidType { > SID_NAME_COMPUTER /* sid for a computer */ > }; > >-#define LOOKUP_NAME_ISOLATED 1 /* Look up unqualified names */ >-#define LOOKUP_NAME_REMOTE 2 /* Ask others */ >-#define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE) > >-#define LOOKUP_NAME_GROUP 4 /* (unused) This is a NASTY hack for valid users = @foo >- * where foo also exists in as user. */ >+#define LOOKUP_NAME_NONE 0x00000000 >+#define LOOKUP_NAME_ISOLATED 0x00000001 /* Look up unqualified names */ >+#define LOOKUP_NAME_REMOTE 0x00000002 /* Ask others */ >+#define LOOKUP_NAME_GROUP 0x00000004 /* (unused) This is a NASTY hack for >+ valid users = @foo where foo also >+ exists in as user. */ >+#define LOOKUP_NAME_EXPLICIT 0x00000008 /* Only include >+ explicitly mapped names and not >+ the Unix {User,Group} domain */ >+#define LOOKUP_NAME_BUILTIN 0x00000010 /* builtin names */ >+#define LOOKUP_NAME_WKN 0x00000020 /* well known names */ >+#define LOOKUP_NAME_DOMAIN 0x00000040 /* only lookup own domain */ >+#define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED\ >+ |LOOKUP_NAME_REMOTE\ >+ |LOOKUP_NAME_BUILTIN\ >+ |LOOKUP_NAME_WKN\ >+ |LOOKUP_NAME_DOMAIN) > > /** > * @brief Security Identifier >diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c >index 37285f0..d1390fd 100644 >--- a/source/passdb/lookup_sid.c >+++ b/source/passdb/lookup_sid.c >@@ -60,16 +60,19 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > name = talloc_strdup(tmp_ctx, full_name); > } > >- DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", >- full_name, domain, name)); >- > if ((domain == NULL) || (name == NULL)) { > DEBUG(0, ("talloc failed\n")); > TALLOC_FREE(tmp_ctx); > return False; > } > >- if (strequal(domain, get_global_sam_name())) { >+ DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n", >+ full_name, domain, name)); >+ DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags)); >+ >+ if ((flags & LOOKUP_NAME_DOMAIN) && >+ strequal(domain, get_global_sam_name())) >+ { > > /* It's our own domain, lookup the name in passdb */ > if (lookup_global_sam_name(name, flags, &rid, &type)) { >@@ -81,8 +84,9 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > return False; > } > >- if (strequal(domain, builtin_domain_name())) { >- >+ if ((flags & LOOKUP_NAME_BUILTIN) && >+ strequal(domain, builtin_domain_name())) >+ { > /* Explicit request for a name in BUILTIN */ > if (lookup_builtin_name(name, &rid)) { > sid_copy(&sid, &global_sid_Builtin); >@@ -98,6 +102,7 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > * domain yet at this point yet. This comes later. */ > > if ((domain[0] != '\0') && >+ (flags & ~(LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED)) && > (winbind_lookup_name(domain, name, &sid, &type))) { > goto ok; > } >@@ -132,14 +137,18 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > > /* 1. well-known names */ > >- if (lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) { >+ if ((flags & LOOKUP_NAME_WKN) && >+ lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) >+ { > type = SID_NAME_WKN_GRP; > goto ok; > } > > /* 2. Builtin domain as such */ > >- if (strequal(name, builtin_domain_name())) { >+ if ((flags & (LOOKUP_NAME_BUILTIN|LOOKUP_NAME_REMOTE)) && >+ strequal(name, builtin_domain_name())) >+ { > /* Swap domain and name */ > tmp = name; name = domain; domain = tmp; > sid_copy(&sid, &global_sid_Builtin); >@@ -149,7 +158,9 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > > /* 3. Account domain */ > >- if (strequal(name, get_global_sam_name())) { >+ if ((flags & LOOKUP_NAME_DOMAIN) && >+ strequal(name, get_global_sam_name())) >+ { > if (!secrets_fetch_domain_sid(name, &sid)) { > DEBUG(3, ("Could not fetch my SID\n")); > TALLOC_FREE(tmp_ctx); >@@ -163,7 +174,9 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > > /* 4. Primary domain */ > >- if (!IS_DC && strequal(name, lp_workgroup())) { >+ if ((flags & LOOKUP_NAME_DOMAIN) && !IS_DC && >+ strequal(name, lp_workgroup())) >+ { > if (!secrets_fetch_domain_sid(name, &sid)) { > DEBUG(3, ("Could not fetch the domain SID\n")); > TALLOC_FREE(tmp_ctx); >@@ -178,8 +191,9 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > /* 5. Trusted domains as such, to me it looks as if members don't do > this, tested an XP workstation in a NT domain -- vl */ > >- if (IS_DC && (secrets_fetch_trusted_domain_password(name, NULL, >- &sid, NULL))) { >+ if ((flags & LOOKUP_NAME_REMOTE) && IS_DC && >+ (secrets_fetch_trusted_domain_password(name, NULL, &sid, NULL))) >+ { > /* Swap domain and name */ > tmp = name; name = domain; domain = tmp; > type = SID_NAME_DOMAIN; >@@ -188,7 +202,9 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > > /* 6. Builtin aliases */ > >- if (lookup_builtin_name(name, &rid)) { >+ if ((flags & LOOKUP_NAME_BUILTIN) && >+ lookup_builtin_name(name, &rid)) >+ { > domain = talloc_strdup(tmp_ctx, builtin_domain_name()); > sid_copy(&sid, &global_sid_Builtin); > sid_append_rid(&sid, rid); >@@ -201,7 +217,9 @@ BOOL lookup_name(TALLOC_CTX *mem_ctx, > > /* Both cases are done by looking at our passdb */ > >- if (lookup_global_sam_name(name, flags, &rid, &type)) { >+ if ((flags & LOOKUP_NAME_DOMAIN) && >+ lookup_global_sam_name(name, flags, &rid, &type)) >+ { > domain = talloc_strdup(tmp_ctx, get_global_sam_name()); > sid_copy(&sid, get_global_sam_sid()); > sid_append_rid(&sid, rid); >diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c >index 7a47ced..c105edf 100644 >--- a/source/rpc_server/srv_lsa_nt.c >+++ b/source/rpc_server/srv_lsa_nt.c >@@ -1032,6 +1032,31 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p, > return r_u->status; > } > >+static int lsa_lookup_level_to_flags(uint16 level) >+{ >+ int flags; >+ >+ switch (level) { >+ case 1: >+ flags = LOOKUP_NAME_ALL; >+ break; >+ case 2: >+ flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_REMOTE|LOOKUP_NAME_ISOLATED; >+ break; >+ case 3: >+ flags = LOOKUP_NAME_DOMAIN|LOOKUP_NAME_ISOLATED; >+ break; >+ case 4: >+ case 5: >+ case 6: >+ default: >+ flags = LOOKUP_NAME_NONE; >+ break; >+ } >+ >+ return flags; >+} >+ > /*************************************************************************** > lsa_reply_lookup_names > ***************************************************************************/ >@@ -1051,10 +1076,7 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP > DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries)); > } > >- /* Probably the lookup_level is some sort of bitmask. */ >- if (q_u->lookup_level == 1) { >- flags = LOOKUP_NAME_ALL; >- } >+ flags = lsa_lookup_level_to_flags(q_u->lookup_level); > > ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); > if (!ref) { >@@ -1120,11 +1142,8 @@ NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOO > num_entries = MAX_LOOKUP_SIDS; > DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries)); > } >- >- /* Probably the lookup_level is some sort of bitmask. */ >- if (q_u->lookup_level == 1) { >- flags = LOOKUP_NAME_ALL; >- } >+ >+ flags = lsa_lookup_level_to_flags(q_u->lookup_level); > > ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); > if (ref == NULL) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 4801
: 3045 |
3048