[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Wed Dec 5 10:28:02 UTC 2018
The branch, master has been updated
via 8b8d9fdad4a winbindd: Route predefined domains through the BUILTIN domain child
via b512a58bbd7 winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
via e0f784baeaa winbindd: add some braces
via 2de5f06d399 libcli/security: add dom_sid_lookup_is_predefined_domain()
via c46b6b111e8 selftest: test wbinfo -n and --gid-info with "NT Authority"
from a92f0ccce60 s3:tests: Add test for checking that root is not allowed as home dir
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 28 15:39:21 2018 +0100
winbindd: Route predefined domains through the BUILTIN domain child
Without this, e.g. "NT Authority" didn't work:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority/Authenticated Users
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT Authority/Authenticated Users
With the patch:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
S-1-5-11 SID_WKN_GROUP (5)
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
NT AUTHORITY\authenticated users:x:10002:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144
commit b512a58bbd7361cbbcf68f6713943377338fc2a1
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 28 17:20:41 2018 +0100
winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
Route predefined domains through the BUILTIN domain child, not passdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit e0f784baeaa73096534d9a1ed941028d99f84ece
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 27 17:32:09 2018 +0100
winbindd: add some braces
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2de5f06d399109009c343b0acfef822db38502a1
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 28 17:19:39 2018 +0100
libcli/security: add dom_sid_lookup_is_predefined_domain()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c46b6b111e8adcd7cf029e5c3293cbdc471793db
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 27 20:32:09 2018 +0100
selftest: test wbinfo -n and --gid-info with "NT Authority"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/dom_sid.h | 1 +
libcli/security/util_sid.c | 33 +++++++++++++++++++++++++++++++++
nsswitch/tests/test_wbinfo.sh | 18 ++++++++++++++++++
source3/winbindd/winbindd_util.c | 37 +++++++++++++++++--------------------
4 files changed, 69 insertions(+), 20 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 1effdbc2f6c..abaf305f96a 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -74,6 +74,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
enum lsa_SidType *type,
const struct dom_sid **authority_sid,
const char **authority_name);
+bool dom_sid_lookup_is_predefined_domain(const char *domain);
int dom_sid_compare_auth(const struct dom_sid *sid1,
const struct dom_sid *sid2);
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index af04dff1325..531d3809565 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -879,6 +879,39 @@ NTSTATUS dom_sid_lookup_predefined_name(const char *name,
return NT_STATUS_NONE_MAPPED;
}
+bool dom_sid_lookup_is_predefined_domain(const char *domain)
+{
+ size_t di;
+ bool match;
+
+ if (domain == NULL) {
+ domain = "";
+ }
+
+ match = strequal(domain, "");
+ if (match) {
+ /*
+ * Strange, but that's what W2012R2 does.
+ */
+ domain = "BUILTIN";
+ }
+
+ for (di = 0; di < ARRAY_SIZE(predefined_domains); di++) {
+ const struct predefined_domain_mapping *d =
+ &predefined_domains[di];
+ int cmp;
+
+ cmp = strcasecmp(d->domain, domain);
+ if (cmp != 0) {
+ continue;
+ }
+
+ return true;
+ }
+
+ return false;
+}
+
NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
const char **name,
enum lsa_SidType *type,
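Review bot: dom_sid_lookup_is_predefined_domain() has no comment stating its contract, and the NULL/empty case is easy to miss: a NULL or "" argument is rewritten to "BUILTIN" and so returns true. I would add above the function `/* Return true if domain matches an entry in predefined_domains (case-insensitive); NULL and "" are treated as "BUILTIN". */`, because the winbindd caller added later in this changeset uses the result to decide which domain child answers a name lookup. As a style point, the function tests the empty string with `strequal()` but compares with `strcasecmp()` in the loop; using one helper throughout, and `if (strcasecmp(d->domain, domain) == 0) { return true; }` in place of the `cmp`/`continue` pair, would read more directly.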
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 67660e50fc8..2ac83828a0e 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -125,6 +125,24 @@ else
echo "success: wbinfo -n check for sane mapping"
fi
+echo "test: wbinfo -n NT Authority/Authenticated Users"
+$wbinfo -n "NT Authority/Authenticated Users"
+if [ $? -ne 0 ] ; then
+ echo "failure: wbinfo -n NT Authority/Authenticated Users"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo -n NT Authority/Authenticated Users"
+fi
+
+echo "test: wbinfo --group-info NT Authority/Authenticated Users"
+$wbinfo --group-info "NT Authority/Authenticated Users"
+if [ $? -ne 0 ] ; then
+ echo "failure: wbinfo --group-info NT Authority/Authenticated Users"
+ failed=`expr $failed + 1`
+else
+ echo "success: wbinfo --group-info NT Authority/Authenticated Users"
+fi
+
testit "wbinfo -U against $TARGET" $wbinfo -U 30000 || failed=`expr $failed + 1`
echo "test: wbinfo -U check for sane mapping"
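Review bot: Both added tests pass on any zero exit status from wbinfo, so a lookup that resolves "NT Authority/Authenticated Users" to the wrong SID or group would still be reported as success. The commit message shows the expected output (`S-1-5-11 SID_WKN_GROUP (5)`), so the first test could pin it, for example `$wbinfo -n "NT Authority/Authenticated Users" | grep -q '^S-1-5-11 '` ahead of the `$?` check. The `--group-info` test could likewise check that the returned entry names the expected group rather than only that the call succeeded.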
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 9bc25d98c4e..75d2f31b55f 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -108,15 +108,6 @@ static bool is_internal_domain(const struct dom_sid *sid)
return (sid_check_is_our_sam(sid) || sid_check_is_builtin(sid));
}
-static bool is_in_internal_domain(const struct dom_sid *sid)
-{
- if (sid == NULL)
- return False;
-
- return (sid_check_is_in_our_sam(sid) || sid_check_is_in_builtin(sid));
-}
-
-
/* Add a trusted domain to our list of domains.
If the domain already exists in the list,
return it and don't re-initialize. */
@@ -1475,20 +1466,18 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
sid_check_is_unix_groups(sid) ||
sid_check_is_in_unix_users(sid) ||
sid_check_is_unix_users(sid) ||
- sid_check_is_wellknown_domain(sid, NULL) ||
- sid_check_is_in_wellknown_domain(sid) )
+ sid_check_is_our_sam(sid) ||
+ sid_check_is_in_our_sam(sid) )
{
return find_domain_from_sid(get_global_sam_sid());
}
- /*
- * On member servers the internal domains are different: These are part
- * of the local SAM.
- */
-
- if (is_internal_domain(sid) || is_in_internal_domain(sid)) {
- DEBUG(10, ("calling find_domain_from_sid\n"));
- return find_domain_from_sid(sid);
+ if ( sid_check_is_builtin(sid) ||
+ sid_check_is_in_builtin(sid) ||
+ sid_check_is_wellknown_domain(sid, NULL) ||
+ sid_check_is_in_wellknown_domain(sid) )
+ {
+ return find_domain_from_sid(&global_sid_Builtin);
}
if (IS_DC) {
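Review bot: The new BUILTIN branch carries no comment explaining why well-known SIDs are now answered by the BUILTIN domain child, and the removed block took its explanatory comment and its `DEBUG(10, ...)` trace with it. A short comment above the second `if`, such as `/* Predefined/well-known SIDs are resolved by the BUILTIN domain child, not passdb. */`, would record the routing decision stated in the commit message. Separately, our-SAM SIDs that the removed code passed to `find_domain_from_sid(sid)` now join the first condition and go to `find_domain_from_sid(get_global_sam_sid())`; that looks equivalent for SIDs in the local SAM but is worth confirming, since this function selects the backend that translates a SID. The first condition and the rest of the function start outside the hunk.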
@@ -1515,6 +1504,8 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
{
+ bool predefined;
+
if ( strequal(domain_name, unix_users_domain_name() ) ||
strequal(domain_name, unix_groups_domain_name() ) )
{
@@ -1526,8 +1517,14 @@ struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
}
if (strequal(domain_name, "BUILTIN") ||
- strequal(domain_name, get_global_sam_name()))
+ strequal(domain_name, get_global_sam_name())) {
return find_domain_from_name_noinit(domain_name);
+ }
+
+ predefined = dom_sid_lookup_is_predefined_domain(domain_name);
+ if (predefined) {
+ return find_domain_from_name_noinit(builtin_domain_name());
+ }
if (IS_DC) {
struct winbindd_domain *domain = NULL;
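Review bot: `dom_sid_lookup_is_predefined_domain()` returns true for a NULL or empty name (it substitutes "BUILTIN"), so with this check a lookup with an empty `domain_name` is routed to the BUILTIN child ahead of the `IS_DC` and member-server logic. Whether callers can pass an empty name is not visible here. If the routing is intended, a comment at the call site would help, e.g. `/* NULL/"" counts as predefined and is handled by BUILTIN. */`; if it is not, guard the call with `if (domain_name != NULL && domain_name[0] != '\0')`. The function begins and continues outside the hunk, and the `bool predefined;` declaration is in the previous hunk.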
--
Samba Shared Repository