cracknames: Add support for SID string format
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
parent
3e531bb885
commit
6b57583830
@ -1 +0,0 @@
|
|||||||
^samba4.ldap.bind\(fl2008r2dc\).__main__.BindTests.test_user_account_bind\(fl2008r2dc\)
|
|
@ -889,6 +889,9 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
|
|||||||
const char * const _domain_attrs_display[] = { "ncName", "dnsRoot", NULL};
|
const char * const _domain_attrs_display[] = { "ncName", "dnsRoot", NULL};
|
||||||
const char * const _result_attrs_display[] = { "displayName", "samAccountName", NULL};
|
const char * const _result_attrs_display[] = { "displayName", "samAccountName", NULL};
|
||||||
|
|
||||||
|
const char * const _domain_attrs_sid[] = { "ncName", "dnsRoot", NULL};
|
||||||
|
const char * const _result_attrs_sid[] = { "objectSid", NULL};
|
||||||
|
|
||||||
const char * const _domain_attrs_none[] = { "ncName", "dnsRoot" , NULL};
|
const char * const _domain_attrs_none[] = { "ncName", "dnsRoot" , NULL};
|
||||||
const char * const _result_attrs_none[] = { NULL};
|
const char * const _result_attrs_none[] = { NULL};
|
||||||
|
|
||||||
@ -923,6 +926,10 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
|
|||||||
domain_attrs = _domain_attrs_spn;
|
domain_attrs = _domain_attrs_spn;
|
||||||
result_attrs = _result_attrs_spn;
|
result_attrs = _result_attrs_spn;
|
||||||
break;
|
break;
|
||||||
|
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
|
||||||
|
domain_attrs = _domain_attrs_sid;
|
||||||
|
result_attrs = _result_attrs_sid;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
domain_attrs = _domain_attrs_none;
|
domain_attrs = _domain_attrs_none;
|
||||||
result_attrs = _result_attrs_none;
|
result_attrs = _result_attrs_none;
|
||||||
@ -1271,12 +1278,25 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_
|
|||||||
}
|
}
|
||||||
return WERR_OK;
|
return WERR_OK;
|
||||||
}
|
}
|
||||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN: {
|
||||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
|
|
||||||
info1->dns_domain_name = NULL;
|
info1->dns_domain_name = NULL;
|
||||||
info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
|
info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
|
||||||
return WERR_OK;
|
return WERR_OK;
|
||||||
}
|
}
|
||||||
|
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY: {
|
||||||
|
const struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, result, "objectSid");
|
||||||
|
|
||||||
|
if (sid == NULL) {
|
||||||
|
info1->status = DRSUAPI_DS_NAME_STATUS_NO_MAPPING;
|
||||||
|
return WERR_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
info1->result_name = dom_sid_string(mem_ctx, sid);
|
||||||
|
W_ERROR_HAVE_NO_MEMORY(info1->result_name);
|
||||||
|
|
||||||
|
info1->status = DRSUAPI_DS_NAME_STATUS_OK;
|
||||||
|
return WERR_OK;
|
||||||
|
}
|
||||||
case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
|
case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: {
|
||||||
info1->result_name = ldb_msg_find_attr_as_string(result, "userPrincipalName", NULL);
|
info1->result_name = ldb_msg_find_attr_as_string(result, "userPrincipalName", NULL);
|
||||||
if (!info1->result_name) {
|
if (!info1->result_name) {
|
||||||
@ -1487,6 +1507,12 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx,
|
|||||||
return NT_STATUS_OK;
|
return NT_STATUS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Here we only consider a subset of the possible name forms listed in
|
||||||
|
* [MS-ADTS] 5.1.1.1.1, and we don't retry with a different name form if
|
||||||
|
* the first attempt fails.
|
||||||
|
*/
|
||||||
|
|
||||||
if (strchr_m(name, '=')) {
|
if (strchr_m(name, '=')) {
|
||||||
format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
|
format_offered = DRSUAPI_DS_NAME_FORMAT_FQDN_1779;
|
||||||
} else if (strchr_m(name, '@')) {
|
} else if (strchr_m(name, '@')) {
|
||||||
@ -1495,6 +1521,8 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx,
|
|||||||
format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
|
format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT;
|
||||||
} else if (strchr_m(name, '/')) {
|
} else if (strchr_m(name, '/')) {
|
||||||
format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
|
format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL;
|
||||||
|
} else if ((name[0] == 'S' || name[0] == 's') && name[1] == '-') {
|
||||||
|
format_offered = DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY;
|
||||||
} else {
|
} else {
|
||||||
return NT_STATUS_NO_SUCH_USER;
|
return NT_STATUS_NO_SUCH_USER;
|
||||||
}
|
}
|
||||||
|
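Review bot: The new `else if ((name[0] == 'S' || name[0] == 's') && name[1] == '-')` branch in crack_auto_name_to_nt4_name is only a two-character prefix test, so any separator-free name that merely begins with "S-" is now offered as DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY instead of returning NT_STATUS_NO_SUCH_USER at once. Whether such a string is rejected cleanly depends on SID parsing that is outside these hunks, and the removed knownfail entry suggests this path serves LDAP bind names, so a negative test with a malformed `S-` string would pin that behaviour. I would add above the branch `/* Prefix test only; a malformed SID must be rejected when the name is cracked. */`. Separately, `_result_attrs_sid` requests only `objectSid` and the new result case reads only that attribute, so the desired-format output is always the primary SID and never a SID-history value; a one-line comment saying that is intended would help. Both functions start and end outside the hunks shown.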
@ -60,8 +60,7 @@ class DrsCracknamesTestCase(drs_base.DrsBaseTestCase):
|
|||||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
|
drsuapi.DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL,
|
||||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
|
drsuapi.DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX,
|
||||||
drsuapi.DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
|
drsuapi.DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL,
|
||||||
# We currently don't support this
|
drsuapi.DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
|
||||||
# drsuapi.DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY,
|
|
||||||
# This format is not supported by Windows (or us)
|
# This format is not supported by Windows (or us)
|
||||||
# drsuapi.DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN,
|
# drsuapi.DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN,
|
||||||
}
|
}
|
||||||
|
@ -129,7 +129,6 @@ static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
|
|||||||
break;
|
break;
|
||||||
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
|
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: /* should fail as we ask server to convert to Unknown format */
|
||||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
||||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
|
|
||||||
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
|
if (r.out.ctr->ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR) {
|
||||||
err_msg = talloc_asprintf(mem_ctx,
|
err_msg = talloc_asprintf(mem_ctx,
|
||||||
"Unexpected error (%d): This name lookup should fail",
|
"Unexpected error (%d): This name lookup should fail",
|
||||||
@ -156,7 +155,6 @@ static bool test_DsCrackNamesMatrix(struct torture_context *tctx,
|
|||||||
n_from[i] = service_principal_name;
|
n_from[i] = service_principal_name;
|
||||||
break;
|
break;
|
||||||
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
|
case DRSUAPI_DS_NAME_FORMAT_UNKNOWN:
|
||||||
case DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY:
|
|
||||||
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
case DRSUAPI_DS_NAME_FORMAT_DNS_DOMAIN:
|
||||||
n_from[i] = NULL;
|
n_from[i] = NULL;
|
||||||
break;
|
break;
|
||||||
|