sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

libcli/security: let dom_sid_lookup_predefined_sid() behave like Windows 2008R2

Browse Source 
Windows 2008R2 (172.31.9.133) returns the following:

 #> rpcclient 172.31.9.133 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3'
 S-1-22-1 *unknown*\*unknown* (8)
 S-1-22-1-0 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID
 S-1-3-0 \CREATOR OWNER (5)
 S-1-3-99 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID

While the current Samba (172.31.9.163) returns the following:

 #> rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3'
 result was NT_STATUS_INVALID_SID
 result was NT_STATUS_INVALID_SID
 S-1-3-0 \CREATOR OWNER (5)
 S-1-3-99 *unknown*\*unknown* (8)
 S-1-3 *unknown*\*unknown* (8)

With this change also return the same as Windows 2008R2:

 #> rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c 'lookupsids S-1-22-1 S-1-22-1-0;lookupsids S-1-22;lookupsids S-1-3-0 S-1-3-99;lookupsids S-1-3'
 S-1-22-1 *unknown*\*unknown* (8)
 S-1-22-1-0 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID
 S-1-3-0 \CREATOR OWNER (5)
 S-1-3-99 *unknown*\*unknown* (8)
 result was NT_STATUS_INVALID_SID

This is a minimal fix in order to avoid crashes in the Windows Explorer.
The real fix needs more work and additional tests, as the behavior seems
to be different in newer Windows releases.

The following patch will let us behave like Windows 2022/2025...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 9f369c62317d74615834f99a088caababef685fc)
This commit is contained in:
Stefan Metzmacher 2020-08-12 17:08:14 +02:00 committed by Jule Anger
parent 8d84240c40
commit 40145184e9
2 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libcli/security/util_sid.c
View File

@ -1072,7 +1072,6 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
const char **authority_name)
{
size_t di;
bool match_domain = false;
*name = NULL;
*type = SID_NAME_UNKNOWN;
@ -1094,8 +1093,6 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
continue;
}
match_domain = true;
for (ni = 0; ni < d->num_names; ni++) {
const struct predefined_name_mapping *n =
&d->names[ni];
@ -1113,7 +1110,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
}
}
if (!match_domain) {
if (sid->num_auths == 0) {
return NT_STATUS_INVALID_SID;
}

1
selftest/knownfail.d/samba.tests.dcerpc.lsa
View File

@ -1 +1,2 @@
^samba.tests.dcerpc.lsa.*.LsaTests.test_lsa_LookupSids2_invalid_sid
^samba.tests.dcerpc.lsa.*.LsaTests.test_lsa_LookupSids2_some_not_mapped