The Samba-Bugzilla – Attachment 9304 Details for
Bug 10217
winbind idmap_ad pulls group sIDHistory attribute as a valid group SID
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to ignore sidhistory SID
winbind-sidhistory-ignore.patch (text/plain), 1.46 KB, created by
Matt Rogers
on 2013-10-18 13:41:02 UTC
(
hide
)
Description:
patch to ignore sidhistory SID
Filename:
MIME Type:
Creator:
Matt Rogers
Created:
2013-10-18 13:41:02 UTC
Size:
1.46 KB
patch
obsolete
>diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c >index 2f80a36..31e3f4e 100644 >--- a/libcli/security/dom_sid.c >+++ b/libcli/security/dom_sid.c >@@ -109,6 +109,10 @@ int dom_sid_compare_domain(const struct dom_sid *sid1, > > n = MIN(sid1->num_auths, sid2->num_auths); > >+ /* for comparing full sid+rid */ >+ if (n == 5) >+ n--; >+ > for (i = n-1; i >= 0; --i) > if (sid1->sub_auths[i] != sid2->sub_auths[i]) > return sid1->sub_auths[i] - sid2->sub_auths[i]; >diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c >index 3099ff0..c62ed77 100644 >--- a/source3/winbindd/winbindd_ads.c >+++ b/source3/winbindd/winbindd_ads.c >@@ -976,6 +976,14 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, > if (sid_check_is_in_builtin(&sids[i])) { > continue; > } >+ /* ignore any possible sIDHistory entries */ >+ if (!lp_allow_trusted_domains() && >+ dom_sid_compare_domain(sid, &sids[i])) { >+ DEBUG(10,("ads lookup_usergroups ignoring " >+ "%s: outside of the trusted domain\n", >+ sid_string_dbg(&sids[i]))); >+ continue; >+ } > > status = add_sid_to_array_unique(mem_ctx, &sids[i], > user_sids, &num_groups);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9304">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10217
: 9304