cracknames: Add support for SID string format
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
3e531bb885
commit
6b57583830
selftest/knownfail.d
source4
@ -1 +0,0 @@
|
||||
^samba4.ldap.bind\(fl2008r2dc\).__main__.BindTests.test_user_account_bind\(fl2008r2dc\)
|
@ -889,6 +889,9 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
|
||||
const char * const _domain_attrs_display[] = { "ncName", "dnsRoot", NULL};
|
||||
const char * const _result_attrs_display[] = { "displayName", "samAccountName", NULL};
|
||||
|
||||
const char * const _domain_attrs_sid[] = { "ncName", "dnsRoot", NULL};
|
||||
const char * const _result_attrs_sid[] = { "objectSid", NULL};
|
||||
|
||||
const char * const _domain_attrs_none[] = { "ncName", "dnsRoot" , NULL};
|
||||
const char * const _result_attrs_none[] = { NULL};
|
||||
|
||||
@ -923,6 +926,10 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
|
||||
domain_attrs = _domain_attrs_spn;
|
||||
result_attrs = _result_attrs_spn;
|
||||
break;
|
||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
|
||||
domain_attrs = _domain_attrs_sid;
|
||||
result_attrs = _result_attrs_sid;
|
||||
break;
|
||||
default:
|
||||
domain_attrs = _domain_attrs_none;
|
||||
result_attrs = _result_attrs_none;
|
||||
@ -1271,12 +1278,25 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
|
||||
}
|
||||
return WERR_OK;
|
||||
}
|
||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
|
||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: {
|
||||
info1->dns_domain_name = NULL;
|
||||
info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
|
||||
return WERR_OK;
|
||||
}
|
||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
|
||||
const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
|
||||
|
||||
if (sid == NULL) {
|
||||
info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
|
||||
return WERR_OK;
|
||||
}
|
||||
|
||||
info1->result_name = dom_sid_string(mem_ctx, sid);
|
||||
W_ERROR_HAVE_NO_MEMORY(info1->result_name);
|
||||
|
||||
info1->status = DRSUAPI_DS_NAME_STATUS_OK;
|
||||
return WERR_OK;
|
||||
}
|
||||
case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
|
||||
info1->result_name = ldb_msg_find_attr_as_string(result, "userPrincipalName", NULL);
|
||||
if (!info1->result_name) {
|
||||
@ -1487,6 +1507,12 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*
|
||||
* Here we only consider a subset of the possible name forms listed in
|
||||
* [MS-ADTS] 5.1.1.1.1, and we don't retry with a different name form if
|
||||
* the first attempt fails.
|
||||
*/
|
||||
|
||||
if (strchr_m(name, '=')) {
|
||||
format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
|
||||
} else if (strchr_m(name, '@')) {
|
||||
@ -1495,6 +1521,8 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx,
|
||||
format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
|
||||
} else if (strchr_m(name, '/')) {
|
||||
format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
|
||||
} else if ((name[0] == 'S' || name[0] == 's') && name[1] == '-') {
|
||||
format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
|
||||
} else {
|
||||
return NT_STATUS_NO_SUCH_USER;
|
||||
}
|
||||
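Review bot: The new `else if` branch in crack_auto_name_to_nt4_name decides that a name is a SID from its first two characters alone, so any input beginning with `S-` or `s-` that contains none of the characters tested in the earlier branches is now cracked as DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY instead of returning NT_STATUS_NO_SUCH_USER. Whether a malformed string is rejected then depends on the SID parsing done for the offered format, which is outside these hunks. Because the removed knownfail entry suggests this path serves LDAP bind, the branch deserves a comment such as `/* The prefix test only selects the format; the SID string itself is validated when the name is cracked. */`, to be confirmed against that code. The format name also covers sIDHistory while `_result_attrs_sid` requests only objectSid, so the same comment should state whether matching a historical SID is intended when the caller is authenticating. The function body starts and ends outside the hunk.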
|
@ -60,8 +60,7 @@ class DrsCracknamesTestCase(drs_base.DrsBaseTestCase):
|
||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
|
||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
|
||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
|
||||
# We currently don't support this
|
||||
# drsuapi.DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
|
||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
|
||||
# This format is not supported by Windows (or us)
|
||||
# drsuapi.DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN,
|
||||
}
|
||||
|
@ -129,7 +129,6 @@ static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
|
||||
break;
|
||||
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
|
||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
|
||||
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
|
||||
err_msg = talloc_asprintf(mem_ctx,
|
||||
"Unexpected error (%d): This name lookup should fail",
|
||||
@ -156,7 +155,6 @@ static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
|
||||
n_from[i] = service_principal_name;
|
||||
break;
|
||||
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
|
||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
|
||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
||||
n_from[i] = NULL;
|
||||
break;
|
||||
|