[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Sat Jan 16 00:25:03 UTC 2016


The branch, master has been updated
       via  ecc7022 s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3().
       via  a924209 s3-util: add helper functions to deal with the S-1-18 domain.
       via  cf163ac security: Add Asserted Identity sids (S-1-18)
      from  d1235c7 ldb: Fix CID 1348110 Uninitialized scalar variable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ecc7022d7c3cd481b0caf6c9c48c72ea3e7ac822
Author: Günther Deschner <gd at samba.org>
Date:   Fri Jan 15 14:43:48 2016 +0100

    s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3().
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Jan 16 01:24:04 CET 2016 on sn-devel-144

commit a92420911d4786e6fe58091f9641e2b193513f0c
Author: Günther Deschner <gd at samba.org>
Date:   Fri Jan 15 14:43:12 2016 +0100

    s3-util: add helper functions to deal with the S-1-18 domain.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit cf163ac359ee8414dd34723bdce79c33e225d3c9
Author: Günther Deschner <gd at samba.org>
Date:   Fri Jan 15 14:46:07 2016 +0100

    security: Add Asserted Identity sids (S-1-18)
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
    
    definitions taken from [MS-DTYP]: Windows Data Types,
    2.4.2.4 Well-Known SID Structures.
    
    Guenther
    
    Signed-off-by: Günther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/dom_sid.h                          |  3 +++
 libcli/security/util_sid.c                         |  8 ++++++
 librpc/idl/security.idl                            |  3 +++
 source3/include/proto.h                            |  5 ++++
 source3/lib/util_sid.c                             |  5 ++++
 .../winbindd_async.c => lib/util_specialsids.c}    | 30 +++++++++++++---------
 source3/wscript_build                              |  1 +
 7 files changed, 43 insertions(+), 12 deletions(-)
 copy source3/{winbindd/winbindd_async.c => lib/util_specialsids.c} (62%)


Changeset truncated at 500 lines:

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 990a4c4..bdcec94 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -36,6 +36,9 @@ extern const struct dom_sid global_sid_System;
 extern const struct dom_sid global_sid_NULL;
 extern const struct dom_sid global_sid_Authenticated_Users;
 extern const struct dom_sid global_sid_Network;
+extern const struct dom_sid global_sid_Asserted_Identity;
+extern const struct dom_sid global_sid_Asserted_Identity_Service;
+extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority;
 extern const struct dom_sid global_sid_Creator_Owner;
 extern const struct dom_sid global_sid_Creator_Group;
 extern const struct dom_sid global_sid_Owner_Rights;
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 3399801..ab3018a 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -55,6 +55,14 @@ const struct dom_sid global_sid_Authenticated_Users =	/* All authenticated rids
 const struct dom_sid global_sid_Restriced =			/* Restriced Code */
 { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 #endif
+
+const struct dom_sid global_sid_Asserted_Identity =       /* Asserted Identity */
+{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Asserted_Identity_Service =	/* Asserted Identity Service */
+{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority =	/* Asserted Identity Authentication Authority */
+{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+
 const struct dom_sid global_sid_Network =			/* Network rids */
 { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 
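Review bot: The two RID-bearing constants look swapped relative to the IDL strings added in the same push. Here `global_sid_Asserted_Identity_Service` carries sub-authority 1 and `global_sid_Asserted_Identity_Authentication_Authority` carries 2, while librpc/idl/security.idl defines `SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1"` and `SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2"`. The commit message cites [MS-DTYP] 2.4.2.4 as the source, so both should be checked against that table; if the IDL is right, the leading sub-authority values `{1,0,...}` and `{2,0,...}` of the two initialisers need to be exchanged. None of the visible hunks compares against these two globals yet, but a later access check that does would confuse a service-asserted identity with an authority-asserted one.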
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index b78307e..f412ffe 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -285,6 +285,9 @@ interface security
 	const string SID_NT_TRUSTED_INSTALLER =
 		"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
 
+	const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1";
+	const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
+
 	/* well-known domain RIDs */
 	const int DOMAIN_RID_LOGON                   = 9;
 	const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a53aabd..809cb95 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1174,6 +1174,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
 const char *unix_groups_domain_name(void);
 bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
 
+/* The following definitions come from lib/util_specialsids.c  */
+bool sid_check_is_asserted_identity(const struct dom_sid *sid);
+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
+const char *asserted_identity_domain_name(void);
+
 /* The following definitions come from lib/filename_util.c */
 
 NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname,
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 4b6fb81..4d57a92 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -185,6 +185,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
          */
 
 	for (i = 0; i < info3->sidcount; i++) {
+
+		if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
+			continue;
+		}
+
 		status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
 				      &sid_array, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
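Review bot: The new `continue` drops every SID in the S-1-18 domain from the array with no comment or debug output, so the filtering is invisible both to a reader and to anyone diagnosing an access decision. Because the commit title says this array feeds token generation, an ACL entry naming S-1-18-1 or S-1-18-2 would presumably never match a token built this way, and that consequence deserves to be stated. I would add a comment above the check such as `/* Skip Asserted Identity (S-1-18-x) SIDs, they are not added to the token; see bug 11677 */`, plus a high-level debug message naming the skipped SID. The body of sid_array_from_info3() starts and ends outside this hunk, so how `info3->sids[i].sid` is validated before this point is not visible here.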
diff --git a/source3/winbindd/winbindd_async.c b/source3/lib/util_specialsids.c
similarity index 62%
copy from source3/winbindd/winbindd_async.c
copy to source3/lib/util_specialsids.c
index 75dfa0e..4c402d6 100644
--- a/source3/winbindd/winbindd_async.c
+++ b/source3/lib/util_specialsids.c
@@ -1,10 +1,6 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
-
-   Async helpers for blocking functions
-
-   Copyright (C) Volker Lendecke 2005
-   Copyright (C) Gerald Carter 2006
+   Copyright (C) Guenther Deschner 2016
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,14 +17,24 @@
 */
 
 #include "includes.h"
-#include "winbindd.h"
 #include "../libcli/security/security.h"
 
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
+bool sid_check_is_asserted_identity(const struct dom_sid *sid)
+{
+	return dom_sid_equal(sid, &global_sid_Asserted_Identity);
+}
+
+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid)
+{
+	struct dom_sid dom_sid;
+
+	sid_copy(&dom_sid, sid);
+	sid_split_rid(&dom_sid, NULL);
+
+	return sid_check_is_asserted_identity(&dom_sid);
+}
 
-enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
-					struct winbindd_cli_state *state)
+const char *asserted_identity_domain_name(void)
 {
-	return WINBINDD_OK;
+	return "Asserted Identity";
 }
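Review bot: `sid_check_is_in_asserted_identity()` ignores the result of `sid_split_rid()`, so the split is never confirmed to have removed a RID. If that call fails on a SID with no sub-authorities and leaves it unchanged (its definition is not in this diff), the bare domain SID S-1-18 would be reported as a member of its own domain. Checking the result closes that gap: `if (!sid_split_rid(&dom_sid, NULL)) { return false; }`. The three new helpers also have no comments; a one-line comment on each would help, stating that the first matches only S-1-18 itself and the second matches SIDs exactly one RID below it.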
diff --git a/source3/wscript_build b/source3/wscript_build
index 9d5d0d0..b8eaeca 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -253,6 +253,7 @@ bld.SAMBA3_SUBSYSTEM('samba3util',
                    lib/recvfile.c
                    lib/time.c
                    lib/util_sid.c
+                   lib/util_specialsids.c
                    lib/util_file.c
                    lib/util.c
                    lib/util_path.c


-- 
Samba Shared Repository


