1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source3/lib
Joseph Sutton 1c3a8fa20c auth: Correct primary group handling
Heretofore we have treated the primary group SID specially, storing it
in a fixed position as the second element of the user_info_dc->sids
array, and filtering out other copies in the PAC_LOGON_INFO base
structure. This filtering has made it difficult to distinguish between
the case where the primary group is a universal or global group, located
in the base RIDs, and the case where it is a domain-local group, missing
from the base RIDs; especially since the attributes of a domain-local
primary group are lost by being stored in the PAC. Domain-local primary
groups are normally disallowed by Windows, but are allowed by Samba, and
so it is reasonable to support them with at least some measure of
consistency.

The second element of user_info_dc->sids is still reserved for the
primary group's SID, but we no longer filter out any other copies in the
array. The first two elements are no more than the SIDs of the user and
the primary group respectively; and the remaining SIDs are as if taken
without modification from arrays of SIDs in the PAC. user_info_dc->sids
should therefore become a more faithful representation of the SIDs in
the PAC. After adding resource SIDs to it with
dsdb_expand_resource_groups(), we should have a result that more closely
and in more cases matches that of Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:40 +00:00
..
ABI Decouple ldap-ssl-ads from ldap-ssl option 2020-07-13 10:41:37 +00:00
dbwrap s3:g_lock: add callback function to g_lock_lock() 2022-09-20 00:34:35 +00:00
eventlog
netapi s3:netapi: Remove unused variables 2023-02-06 22:51:32 +00:00
smbconf source3/lib/smbconf: add python bindings for init functions 2022-05-06 17:16:30 +00:00
addrchange.c s3/lib: clang: 'Value stored to 'rta' is never read' 2019-07-16 22:52:25 +00:00
addrchange.h
adouble.c smbd: Pass vfs_open_how through fd_openat 2022-08-06 01:43:50 +00:00
adouble.h CVE-2021-44142: libadouble: add defines for icon lengths 2022-01-31 15:27:37 +00:00
adt_tree.c lib: Whitespace fixes 2022-10-27 18:18:36 +00:00
audit.c
avahi.c
background.c smbd: remove process shortname arg from reinit_after_fork() 2022-12-14 01:38:29 +00:00
background.h lib: Add required includes to source3/lib/background.h 2021-04-01 19:32:36 +00:00
cbuf.c
cbuf.h
charcnv.c
cleanupdb.c lib: Avoid an #include includes.h 2022-10-27 18:18:36 +00:00
cleanupdb.h lib: Avoid an #include includes.h 2022-10-27 18:18:36 +00:00
cluster_support.c
cluster_support.h
cmdline_contexts.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
cmdline_contexts.h
ctdb_dummy.c s3:ctdbd_conn: simplify get_public_ips() / find_in_public_ips() API 2020-10-14 12:29:55 +00:00
ctdbd_conn.c s3:ctdbd_conn: make sure ctdbd_init_async_connection() never returns 0 with conn = NULL 2022-07-01 17:35:27 +00:00
dmallocmsg.c
dumpcore.c s3/dump_core: Have a newline towards the end of log message 2019-10-18 08:54:04 +00:00
errmap_unix.c lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW 2022-08-19 12:43:06 +00:00
file_id.c smbd: remove itime and file_id logic and code 2022-03-31 23:01:37 +00:00
file_id.h smbd: remove itime and file_id logic and code 2022-03-31 23:01:37 +00:00
filename_util.c lib: Move 16 bytes to readonly .text segment 2023-01-10 00:28:37 +00:00
fstring.c s3-lib: restore truncating behavior of push_ascii_nstring() 2022-10-25 16:25:40 +00:00
g_lock.c lib: Use tdb_data_dbg() where appropriate 2023-01-10 00:28:37 +00:00
gencache.c s3:lib: Create the cache path of user gencache recursively 2021-01-06 23:59:58 +00:00
gencache.h
global_contexts.c lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
global_contexts.h lib: give global_contexts.c its own header file 2021-01-08 20:31:33 +00:00
id_cache.c s3:lib: Add missing break in switch statement 2021-02-01 21:50:32 +00:00
id_cache.h
idmap_cache.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
idmap_cache.h
interface.c interface: fix if_index is not parsed correctly 2020-10-14 11:07:36 +00:00
interface.h s3:lib: Move interface prototypes to own header file 2020-10-09 20:36:12 +00:00
ldap_debug_handler.c
ldap_escape.c
lsa.c
messages_ctdb_ref.c s3:lib/messages*: s/getpid/tevent_cached_getpid 2022-07-25 17:34:33 +00:00
messages_ctdb_ref.h
messages_ctdb.c s3/lib: Prevent use after free of messaging_ctdb_fde_ev structs 2023-01-26 16:03:49 +00:00
messages_ctdb.h
messages_util.c
messages_util.h
messages.c s3:lib/messages*: s/getpid/tevent_cached_getpid 2022-07-25 17:34:33 +00:00
ms_fnmatch.c
namearray.c
namemap_cache.c lib: relicense smb_strtoul(l) under LGPLv3 2020-08-03 22:21:02 +00:00
namemap_cache.h
per_thread_cwd.c
privileges.c lib: Fix a typo in a DEBUG fn prefix by using DBG_ 2021-10-08 19:28:31 +00:00
privileges.h
readdir_attr.h
recvfile.c
sendfile.c lib;smbd: Fix the -Os build by initializing variables 2021-08-06 17:22:30 +00:00
server_id_db_util.c
server_id_db_util.h
server_id_watch.c lib: Avoid an unnecessary include 2020-01-14 19:17:28 +00:00
server_id_watch.h lib: Remove "msg_ctx" from server_id_watch_send() 2020-01-14 19:17:28 +00:00
server_mutex.c
serverid.c lib/messaging: Move messages_dgm out of source3 2020-05-06 00:06:40 +00:00
sessionid_tdb.c s3:smbstatus: pretty print the use of new signing/encryption algorithms 2021-07-15 00:06:31 +00:00
sharesec.c lib: Make get_share_security_default static 2020-09-12 06:29:37 +00:00
smbd_shim.c smbd: Remove source3/smbd/statcache.c 2022-12-14 22:54:29 +00:00
smbd_shim.h smbd: Remove source3/smbd/statcache.c 2022-12-14 22:54:29 +00:00
smbldap.c s3:lib: Fix trailing whitespaces in smbldap.c 2022-08-26 07:59:32 +00:00
smbrun.c lib: Use closefrom() in smbrun.c 2020-01-19 18:29:39 +00:00
srprs.c
srprs.h
string_replace.c lib: Replace a call to TALLOC_ZERO() 2021-04-19 18:18:31 +00:00
string_replace.h s3: move fruit catia string replace mappings to s3/lib/ 2019-07-12 21:31:29 +00:00
substitute_generic.c lib: Remove fstring_sub() that was used just once 2022-12-12 21:16:33 +00:00
substitute.c lib: Fix whitespace 2022-12-14 04:32:34 +00:00
substitute.h lib: Add get_current_user_info_domain() 2022-12-12 21:16:33 +00:00
sysacls.c vfs_aixacl: add proper header file 2022-02-18 22:17:33 +00:00
sysquotas_4A.c
sysquotas_4B.c
sysquotas_jfs2.c
sysquotas_linux.c
sysquotas_nfs.c
sysquotas_xfs.c
sysquotas.c lib: Save a few lines with str_list_add_printf() 2022-01-18 20:22:38 +00:00
system_smbd.c Don't use sysconf(_SC_NGROUPS_MAX) on macOS for getgroups() 2021-09-09 17:43:19 +00:00
system.c smbd: remove itime and file_id logic and code 2022-03-31 23:01:37 +00:00
tallocmsg.c lib: Remove unneded #include malloc.h 2020-02-19 09:38:39 +00:00
tdb_validate.c
tdb_validate.h
test_adouble.c CVE-2021-44142: libadouble: add basic cmocka tests 2022-01-31 15:27:37 +00:00
test_tldap.c
tevent_barrier.c
tevent_barrier.h
tevent_glib_glue_tests.c
tevent_glib_glue.c s3:lib: Fix possible 32-bit arithmetic overflow 2022-03-05 08:04:28 +00:00
tevent_glib_glue.h
time.c s3:lib: use nt_time_to_full_timespec() in interpret_long_date() 2019-12-06 00:17:36 +00:00
tldap_gensec_bind.c
tldap_gensec_bind.h
tldap_util.c lib: relicense smb_strtoul(l) under LGPLv3 2020-08-03 22:21:02 +00:00
tldap.c lib: Align integer types 2020-12-04 21:08:38 +00:00
username.c s3: safe_string: do not include string_wrappers.h 2020-08-28 00:56:34 +00:00
util_builtin.c
util_cluster.c lib: Avoid an #include includes.h 2022-10-27 18:18:36 +00:00
util_cluster.h
util_ea.c
util_ea.h
util_event.c
util_file.c lib: Fix file_ploadv_send/recv cleanup 2021-03-09 22:36:28 +00:00
util_file.h s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX. 2019-05-24 19:00:06 +00:00
util_macstreams.c s3:lib: move Mac streams util functions to s3/lib 2019-07-12 21:31:29 +00:00
util_macstreams.h s3:lib: move Mac streams util functions to s3/lib 2019-07-12 21:31:29 +00:00
util_malloc.c lib: Fix a typo 2022-08-26 18:54:37 +00:00
util_matching.c s3:lib: add samba_path_matching_regex_sub1_create() 2021-07-01 13:02:31 +00:00
util_matching.h s3:lib: add samba_path_matching_regex_sub1_create() 2021-07-01 13:02:31 +00:00
util_names.c CVE-2020-25717: s3:lib: add lp_allow_trusted_domains() logic to is_allowed_domain() 2021-11-09 19:45:33 +00:00
util_nscd.c
util_nttoken.c lib: Align integer types 2021-01-22 19:54:38 +00:00
util_path.c libsmb: Simplify clistr_is_previous_version_path() 2022-12-16 08:42:18 +00:00
util_path.h libsmb: Simplify clistr_is_previous_version_path() 2022-12-16 08:42:18 +00:00
util_procid.c lib/messaging: Move messages_dgm out of source3 2020-05-06 00:06:40 +00:00
util_procid.h
util_sd.c lib: Fix out-of-bounds access in print_ace_flags() 2023-01-12 15:38:30 +00:00
util_sec.c lib: Improve comment wording 2021-08-24 17:32:28 +00:00
util_sid_passdb.c
util_sid_passdb.h
util_sid.c auth: Correct primary group handling 2023-02-08 00:03:40 +00:00
util_sock.c lib: Add lp_allow_local_address() 2022-11-10 07:27:31 +00:00
util_specialsids.c lib: Avoid an "includes.h" 2021-09-21 00:13:32 +00:00
util_specialsids.h lib: Give util_specialsids.c its own prototype header 2021-09-21 00:13:32 +00:00
util_str.c lib: Remove unused octal_string() 2022-12-12 21:16:33 +00:00
util_tdb.c lib: Add tdb_data_dbg() 2023-01-10 00:28:37 +00:00
util_transfer_file.c
util_tsock.c
util_tsock.h
util_unixsids.c
util_unixsids.h
util_wellknown.c
util.c lib: Move tab_depth() to reg_parse_prs.c 2023-01-10 00:28:37 +00:00
version_test.c
version.c
winbind_util.c
winbind_util.h
wins_srv.c s3: libsmb: Convert the WINS and broadcast name functions to return size_t * num addresses. 2020-09-15 10:09:36 +00:00
xattr_tdb.c vfs: Use file_id_str_buf() in xattr_tdb_setattr() 2019-09-10 23:14:31 +00:00
xattr_tdb.h