sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.

Browse Source 
Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.

Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
This commit is contained in:
Jeremy Allison 2015-10-15 09:20:58 -07:00 committed by Uri Simchoni
parent 23f674488a
commit 2f6dc260ad
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
source3/passdb/lookup_sid.c
View File

@ -140,7 +140,31 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
return false;
}
if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) {
/*
* Finally check for a well known domain name ("NT Authority"),
* this is taken care if in lookup_wellknown_name().
*/
if ((domain[0] != '\0') &&
(flags & LOOKUP_NAME_WKN) &&
lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
{
type = SID_NAME_WKN_GRP;
goto ok;
}
/*
* If we're told not to look up 'isolated' names then we're
* done.
*/
if (!(flags & LOOKUP_NAME_ISOLATED)) {
TALLOC_FREE(tmp_ctx);
return false;
}
/*
* No domain names beyond this point
*/
if (domain[0] != '\0') {
TALLOC_FREE(tmp_ctx);
return false;
}
@ -152,6 +176,11 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
/* 1. well-known names */
/*
* Check for well known names without a domain name.
* e.g. \Creator Owner.
*/
if ((flags & LOOKUP_NAME_WKN) &&
lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
{