mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3:lib: validate domain name in lookup_wellknown_name()

If domain argument is not an empty string, only search the matching
wellknown domain name.

As the only wellknown domain with a name is "NT Authority", passing ""
to lookup_wellknown_name() will search all domains including "NT
Authority".

Passing "NT Authority" otoh will obviously only search that domain.

This change makes lookup_wellknown_name() behave like this:

in domain         | in name       | ok | out sid | out domain
========================================================
                    Dialup          +    S-1-5-1   NT Authority
NT Authority        Dialup          +    S-1-5-1   NT Authority
Creator Authority   Dialup          -    -         -
                    Creator Owner   +    S-1-3-0   ""
Creator Authority   Creator Owner   -    -         -
NT Authority        Creator Owner   -    -         -

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Ralph Boehme 2015-10-15 12:35:26 +02:00 committed by Uri Simchoni
parent 808f29cb2f
commit 23f674488a


@ -154,16 +154,23 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
***************************************************************************/
bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
struct dom_sid *sid, const char **domain)
struct dom_sid *sid, const char **pdomain)
{
int i, j;
const char *domain = *pdomain;
DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name));
DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
for (i=0; special_domains[i].sid != NULL; i++) {
const struct rid_name_map *users =
special_domains[i].known_users;
if (domain[0] != '\0') {
if (!strequal(domain, special_domains[i].name)) {
continue;
}
}
if (users == NULL)
continue;
@ -171,7 +178,7 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
if ( strequal(users[j].name, name) ) {
sid_compose(sid, special_domains[i].sid,
users[j].rid);
*domain = talloc_strdup(
*pdomain = talloc_strdup(
mem_ctx, special_domains[i].name);
return True;
}
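Review bot: `*pdomain` is now read on entry (`const char *domain = *pdomain;`) and dereferenced at `domain[0]` and in the DEBUG call, so the argument has changed from a pure output to an in/out parameter, and nothing in the hunk guards against a caller that still passes a NULL pointer. The callers are not visible here, so this may already be handled, but a defensive `if (domain == NULL) { domain = ""; }` right after the assignment would keep the "search all domains" behaviour for NULL and avoid a crash in a name-to-SID lookup path. A NULL guard cannot catch an uninitialised pointer, so the function's header comment should also state that `*pdomain` must be initialised on entry, with "" meaning any well-known domain, and that it is overwritten with a talloc'ed string on success. The function body starts before the first hunk and continues between and after the two hunks shown.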