mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00

s4:rpc_server/lsa: let LookupSids* behave like Windows 2022/2025

The important part is that INVALID_SID should not
cause an early exit of the loop.

We need to return the intact names array with the
correct count. And only return INVALID_SID
if we would otherwise return NONE_MAPPED.

For SOME_NOT_MAPPED we need to ignore invalid sids
and just pretend they are not mapped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Stefan Metzmacher 2023-03-10 15:05:15 +01:00 committed by Douglas Bagnall
parent 9f369c6231
commit 218a0f067c
2 changed files with 15 additions and 2 deletions


@ -1,2 +0,0 @@
^samba.tests.dcerpc.lsa.*.LsaTests.test_lsa_LookupSids2_invalid_sid
^samba.tests.dcerpc.lsa.*.LsaTests.test_lsa_LookupSids2_some_not_mapped


@ -35,6 +35,7 @@ struct dcesrv_lsa_TranslatedItem {
uint32_t flags;
uint32_t wb_idx;
bool done;
bool invalid_sid;
struct {
const char *domain; /* only $DOMAIN\ */
const char *namespace; /* $NAMESPACE\ or @$NAMESPACE */
@ -380,6 +381,10 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_call(struct dcesrv_lsa_LookupSids_bas
status = view->lookup_sid(state, item);
if (NT_STATUS_IS_OK(status)) {
item->done = true;
} else if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_SID)) {
item->done = true;
item->invalid_sid = true;
status = NT_STATUS_OK;
} else if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
status = NT_STATUS_OK;
} else if (NT_STATUS_EQUAL(status, NT_STATUS_SOME_NOT_MAPPED)) {
@ -438,6 +443,7 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_finish(
struct dcesrv_lsa_LookupSids_base_state *state)
{
struct lsa_LookupSids3 *r = &state->r;
uint32_t num_invalid_sid = 0;
uint32_t i;
for (i=0;i<r->in.sids->num_sids;i++) {
@ -470,9 +476,18 @@ static NTSTATUS dcesrv_lsa_LookupSids_base_finish(
if (item->type != SID_NAME_UNKNOWN) {
(*r->out.count)++;
}
if (item->invalid_sid) {
num_invalid_sid++;
}
}
if (*r->out.count == 0) {
if (num_invalid_sid != 0) {
for (i=0;i<r->out.names->count;i++) {
r->out.names->names[i].name.string = NULL;
}
return NT_STATUS_INVALID_SID;
}
return NT_STATUS_NONE_MAPPED;
}
if (*r->out.count != r->in.sids->num_sids) {
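Review bot: The new INVALID_SID branch in dcesrv_lsa_LookupSids_base_finish clears every `name.string` but has no comment saying why the rest of the names array is deliberately left populated; that rationale exists only in the commit message. I would add above the loop `/* Match Windows 2022/2025: keep the names array and count, NULL the strings, and return INVALID_SID only when nothing was mapped */`, and on `bool invalid_sid;` a short `/* a view returned NT_STATUS_INVALID_SID for this item */`. Since `num_invalid_sid` is only ever tested against zero, a `bool` would state the intent more directly than a counter. The bodies of both functions extend beyond the visible hunks, so this page cannot confirm that `r->out.names->count` always equals `r->in.sids->num_sids` at this point, nor what other per-entry fields a client still receives on the INVALID_SID path.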