[Patches] AD DC and lsa lookup sids/names for trusts
Andreas Schneider
asn at samba.org
Tue Feb 20 15:42:07 UTC 2018
On Monday, 19 February 2018 22:51:50 CET Stefan Metzmacher via samba-technical
wrote:
> Hi,
>
> here're some patches, which are currently being reviewed by Ralph.
>
> They allow transitive forwarding of lsa lookup sids/names to trusted
> domains and forests, when acting as AD DC.
>
> The most important reason to have this is that Samba domain member
> servers rely on lsa lookup sids/names to work for a successful
> authentication.
>
> The bug references need to be updated...
>
> The meta bug is https://bugzilla.samba.org/show_bug.cgi?id=13287
Besides the things which Ralph found:
***
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lo...
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lo...
Could you please split the 'if' in two lines while at it?
names = talloc_zero_array(mem_ctx, char *, num_sids);
if (names == NULL) {
***
rpcclient: add lookupsids_level command
The pointers are not initialized with NULL.
Also the if-clause and for-loop miss brackets { } ... CVE-2014-1266
***
s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on
dcesrv_lsa_LookupNames_common()
struct lsa_LookupNames3 r2;
Use struct lsa_LookupNames3 r2 = {0}; and remove the ZERO_STRUCT(r2) then.
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org