"NT Authority" mapping failures
Ralph Böhme
slow at samba.org
Tue Nov 27 17:26:42 UTC 2018
Hi Jeremy,
I came across this ancient gem: :)
0492effcf36bc1229d0d2e9250b6c6c36af0b117
By chance, do you remember the reasoning for ignoring mapping failures with
these two domain?
I'm asking because I just stumbled across that currently mapping users and
groups from "NT Authority" fails. I discovered this (though I fainlty remember I
ran into this before) when modifying CI to run raw.acls tests against the
enhanced vfs_nfs4acl_xattr module.
Most test failed because lookupname "NT Authority/Authenticated Users" isn't
working. I have a WIP patch to fix this (attached) and while poking around I
came across the above commit that paves above such mapping failures in the
posix_acls.c code.
Thoughts? :)
Thanks!
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
From f4663336ad11e8507ec771f91d0820fbebc91ab2 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Tue, 27 Nov 2018 17:05:58 +0100
Subject: [PATCH] WIP: winbindd: handle "NT Authority"
Without this:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority/Authenticated Users
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group NT Authority/Authenticated Users
With the patch:
$ bin/wbinfo -n "NT Authority/Authenticated Users"
S-1-5-11 SID_WKN_GROUP (5)
$ bin/wbinfo --group-info="NT Authority/Authenticated Users"
NT AUTHORITY/authenticated users:
---
source3/winbindd/winbindd_util.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 090a90574ce..e4af81ea868 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1516,11 +1516,12 @@ struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid)
struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name)
{
if ( strequal(domain_name, unix_users_domain_name() ) ||
- strequal(domain_name, unix_groups_domain_name() ) )
+ strequal(domain_name, unix_groups_domain_name() ) ||
+ strequal(domain_name, "NT Authority"))
{
/*
- * The "Unix User" and "Unix Group" domain our handled by
- * passdb
+ * The "Unix User", "Unix Group" and "NT Authority" domains our
+ * handled by passdb
*/
return find_domain_from_name_noinit( get_global_sam_name() );
}
--
2.17.2
More information about the samba-technical
mailing list