[PATCH] s4: Add additional well-known SID's/RID's
Andrew Kroeger
andrew at id10ts.net
Fri May 29 02:04:13 GMT 2009
All:
Please find attached two patches that add additional well-known
SIDs/RIDs and expand the set of 2-letter mapping codes that are
used when encoding/decoding SDDL.
These patches are also available at git://github.com/id10ts/samba.git.
Sincerely,
Andrew Kroeger
-------------- next part --------------
>From 7b6100addb644bf25f2b43b329ae1d571245695c Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew at id10ts.net>
Date: Thu, 28 May 2009 20:02:42 -0500
Subject: [PATCH] s4: Add additional well-known SID's/RID's.
Information was found at http://support.microsoft.com/kb/243330
Not all well-known identifiers were included - only those necessary for
enhancing the 2-letter mappings used in SDDL strings were added.
---
librpc/gen_ndr/security.h | 4 ++++
librpc/idl/security.idl | 4 ++++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 9db2108..d1dcbe5 100644
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -121,17 +121,21 @@
#define SID_BUILTIN_REPLICATOR ( "S-1-5-32-552" )
#define SID_BUILTIN_RAS_SERVERS ( "S-1-5-32-553" )
#define SID_BUILTIN_PREW2K ( "S-1-5-32-554" )
+#define SID_BUILTIN_REMOTE_DESKTOP_USERS ( "S-1-5-32-555" )
+#define SID_BUILTIN_NETWORK_CONF_OPERATORS ( "S-1-5-32-556" )
#define DOMAIN_RID_LOGON ( 9 )
#define DOMAIN_RID_ADMINISTRATOR ( 500 )
#define DOMAIN_RID_GUEST ( 501 )
#define DOMAIN_RID_KRBTGT ( 502 )
#define DOMAIN_RID_ADMINS ( 512 )
#define DOMAIN_RID_USERS ( 513 )
+#define DOMAIN_RID_GUESTS ( 514 )
#define DOMAIN_RID_DOMAIN_MEMBERS ( 515 )
#define DOMAIN_RID_DCS ( 516 )
#define DOMAIN_RID_CERT_ADMINS ( 517 )
#define DOMAIN_RID_SCHEMA_ADMINS ( 518 )
#define DOMAIN_RID_ENTERPRISE_ADMINS ( 519 )
+#define DOMAIN_RID_POLICY_ADMINS ( 520 )
#define NT4_ACL_REVISION ( SECURITY_ACL_REVISION_NT4 )
#define SD_REVISION ( SECURITY_DESCRIPTOR_REVISION_1 )
struct dom_sid {
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 941883f..9728c7f 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -219,6 +219,8 @@ interface security
const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552";
const string SID_BUILTIN_RAS_SERVERS = "S-1-5-32-553";
const string SID_BUILTIN_PREW2K = "S-1-5-32-554";
+ const string SID_BUILTIN_REMOTE_DESKTOP_USERS = "S-1-5-32-555";
+ const string SID_BUILTIN_NETWORK_CONF_OPERATORS = "S-1-5-32-556";
/* well-known domain RIDs */
const int DOMAIN_RID_LOGON = 9;
@@ -227,11 +229,13 @@ interface security
const int DOMAIN_RID_KRBTGT = 502;
const int DOMAIN_RID_ADMINS = 512;
const int DOMAIN_RID_USERS = 513;
+ const int DOMAIN_RID_GUESTS = 514;
const int DOMAIN_RID_DOMAIN_MEMBERS = 515;
const int DOMAIN_RID_DCS = 516;
const int DOMAIN_RID_CERT_ADMINS = 517;
const int DOMAIN_RID_SCHEMA_ADMINS = 518;
const int DOMAIN_RID_ENTERPRISE_ADMINS = 519;
+ const int DOMAIN_RID_POLICY_ADMINS = 520;
/*
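Review bot: `DOMAIN_RID_GUESTS` (514) differs by one letter from the existing `DOMAIN_RID_GUEST` (501, visible in the generated header), although one is a group and the other an account. A mix-up in an ACL or an SDDL mapping would name the wrong principal without any compile error. I would add trailing comments on the new constants, e.g. `/* Domain Guests group, not the Guest account (501) */` on the 514 line and `/* Group Policy Creator Owners */` on the 520 line, since `POLICY_ADMINS` is not the name Microsoft's well-known SID list uses for that group. The enclosing `interface security` block starts and ends outside the hunk.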
--
1.6.0.6
-------------- next part --------------
>From f63d0ed97be9540f1db707dae2a2d8b927e572ee Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew at id10ts.net>
Date: Thu, 28 May 2009 20:18:33 -0500
Subject: [PATCH] s4: Add additional 2-letter SID/RID mappings.
Information from http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx
---
source4/libcli/security/sddl.c | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index a8d893f..39bdf04 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -80,11 +80,34 @@ static const struct {
{ "CO", SID_CREATOR_OWNER },
{ "CG", SID_CREATOR_GROUP },
+ { "AN", SID_NT_ANONYMOUS },
+ { "BG", SID_BUILTIN_GUESTS },
+ { "BO", SID_BUILTIN_BACKUP_OPERATORS },
+ { "BU", SID_BUILTIN_USERS },
+ { "IU", SID_NT_INTERACTIVE },
+ { "LS", SID_NT_LOCAL_SERVICE },
+ { "NO", SID_BUILTIN_NETWORK_CONF_OPERATORS },
+ { "NS", SID_NT_NETWORK_SERVICE },
+ { "NU", SID_NT_NETWORK },
+ { "PU", SID_BUILTIN_POWER_USERS },
+ { "RC", SID_NT_RESTRICTED },
+ { "RD", SID_BUILTIN_REMOTE_DESKTOP_USERS },
+ { "RE", SID_BUILTIN_REPLICATOR },
+ { "SO", SID_BUILTIN_ACCOUNT_OPERATORS },
+ { "SU", SID_NT_SERVICE },
+
{ "DA", NULL, DOMAIN_RID_ADMINS },
{ "EA", NULL, DOMAIN_RID_ENTERPRISE_ADMINS },
{ "DD", NULL, DOMAIN_RID_DCS },
{ "DU", NULL, DOMAIN_RID_USERS },
{ "CA", NULL, DOMAIN_RID_CERT_ADMINS },
+
+ { "DC", NULL, DOMAIN_RID_DOMAIN_MEMBERS },
+ { "DG", NULL, DOMAIN_RID_GUESTS },
+ { "LA", NULL, DOMAIN_RID_ADMINISTRATOR },
+ { "LG", NULL, DOMAIN_RID_GUEST },
+ { "PA", NULL, DOMAIN_RID_POLICY_ADMINS },
+ { "SA", NULL, DOMAIN_RID_SCHEMA_ADMINS },
};
/*
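Review bot: The `LA` and `LG` entries are stored as bare RIDs (`DOMAIN_RID_ADMINISTRATOR`, `DOMAIN_RID_GUEST`), so the principal they name depends on which SID the decoder prepends, and that code is outside this hunk. In Microsoft's SDDL documentation these two codes denote the local machine's Administrator and Guest accounts, which coincide with the domain accounts only on a domain controller. If the lookup always uses the domain SID, a descriptor written with `LA` on a member server would resolve to the domain Administrator instead. I would record this above the two entries, e.g. `/* LA/LG denote local accounts in SDDL; the RID is resolved against whatever SID the decoder is given */`. The table's declaration begins before the hunk.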
--
1.6.0.6