mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3:lib: validate domain name in lookup_wellknown_name()
If domain argument is not an empty string, only search the matching wellknown domain name. As the only wellknown domain with a name is "NT Authority", passing "" to lookup_wellknown_name() will search all domains including "NT Authority". Passing "NT Authority" otoh will obviously only search that domain. This change makes lookup_wellknown_name() behave like this: in domain | in name | ok | out sid | out domain ======================================================== Dialup + S-1-5-1 NT Authority NT Authority Dialup + S-1-5-1 NT Authority Creator Authority Dialup - - - Creator Owner + S-1-3-0 "" Creator Authority Creator Owner - - - NT Authority Creator Owner - - - BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
parent
808f29cb2f
commit
23f674488a
@ -154,16 +154,23 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
|
||||
***************************************************************************/
|
||||
|
||||
bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
|
||||
struct dom_sid *sid, const char **domain)
|
||||
struct dom_sid *sid, const char **pdomain)
|
||||
{
|
||||
int i, j;
|
||||
const char *domain = *pdomain;
|
||||
|
||||
DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name));
|
||||
DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
|
||||
|
||||
for (i=0; special_domains[i].sid != NULL; i++) {
|
||||
const struct rid_name_map *users =
|
||||
special_domains[i].known_users;
|
||||
|
||||
if (domain[0] != '\0') {
|
||||
if (!strequal(domain, special_domains[i].name)) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (users == NULL)
|
||||
continue;
|
||||
|
||||
@ -171,7 +178,7 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
|
||||
if ( strequal(users[j].name, name) ) {
|
||||
sid_compose(sid, special_domains[i].sid,
|
||||
users[j].rid);
|
||||
*domain = talloc_strdup(
|
||||
*pdomain = talloc_strdup(
|
||||
mem_ctx, special_domains[i].name);
|
||||
return True;
|
||||
}
|
||||
|
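Review bot: `pdomain` was a pure output parameter before this change and is now read on entry (`const char *domain = *pdomain;`, then `domain[0]` and the `%s` in DEBUG), so a caller that passes a NULL or uninitialised `*pdomain` now causes an invalid read in smbd. The callers are not visible on this page, so each one should be checked to confirm it initialises the value; a guard such as `if (domain == NULL) { domain = ""; }` before the DEBUG line would keep the search-all-domains behaviour for NULL. The comment block above the function should also state that `*pdomain` is in/out and that "" selects every well-known domain. Separately, and predating this commit, the `talloc_strdup()` result in the second hunk is stored in `*pdomain` and `True` is returned without a NULL check. The function body continues outside both hunks.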