sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
bbf2414927
samba-mirror/libcli/security
History
Ralph Boehme a58b54a334 libcli/security: fix dom_sid_in_domain() 
Ensure the SID has exactly one component more then the domain SID, eg

Domain SID: S-1-5-21-1-2-3
SID:        S-1-5-21-1-2-3-4

This will return true. If the SID has more components, eg

SID: S-1-5-21-1-2-3-4-5, or
SID: S-1-5-21-1-2-3-4-5-6-7-8

dom_sid_in_domain() must return false.

This was verified against Windows:

     lsa_LookupSids: struct lsa_LookupSids
        out: struct lsa_LookupSids
            domains                  : *
                domains                  : *
                    domains: struct lsa_RefDomainList
                        count                    : 0x00000002 (2)
                        domains                  : *
                            domains: ARRAY(2)
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x000e (14)
                                        size                     : 0x0010 (16)
                                        string                   : *
                                            string                   : 'BUILTIN'
                                    sid                      : *
                                        sid                      : S-1-5-32
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x0012 (18)
                                        size                     : 0x0014 (20)
                                        string                   : *
                                            string                   : 'W4EDOM-L4'
                                    sid                      : *
                                        sid                      : S-1-5-21-278041429-3399921908-1452754838
                        max_size                 : 0x00000020 (32)
            names                    : *
                names: struct lsa_TransNameArray
                    count                    : 0x00000004 (4)
                    names                    : *
                        names: ARRAY(4)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_USER (1)
                                name: struct lsa_String
                                    length                   : 0x001a (26)
                                    size                     : 0x001a (26)
                                    string                   : *
                                        string                   : 'Administrator'
                                sid_index                : 0x00000001 (1)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_UNKNOWN (8)
                                name: struct lsa_String
                                    length                   : 0x005c (92)
                                    size                     : 0x005e (94)
                                    string                   : *
                                        string                   : 'S-1-5-21-278041429-3399921908-1452754838-500-1'
                                sid_index                : 0xffffffff (4294967295)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_ALIAS (4)
                                name: struct lsa_String
                                    length                   : 0x001c (28)
                                    size                     : 0x001c (28)
                                    string                   : *
                                        string                   : 'Administrators'
                                sid_index                : 0x00000000 (0)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_UNKNOWN (8)
                                name: struct lsa_String
                                    length                   : 0x001c (28)
                                    size                     : 0x001e (30)
                                    string                   : *
                                        string                   : 'S-1-5-32-544-9'
                                sid_index                : 0xffffffff (4294967295)
            count                    : *
                count                    : 0x00000002 (2)
            result                   : STATUS_SOME_UNMAPPED

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-12 01:41:14 +02:00
..
access_check.c lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries 2016-12-10 06:24:11 +01:00
access_check.h libcli/security: handle node initialisation in one spot in insert_in_object_tree() 2013-01-21 16:12:45 +01:00
create_descriptor.c libcli: Simplify desc_ace_has_generic() 2014-05-27 17:32:12 +02:00
display_sec.c Fix whitespace 2015-02-26 15:58:05 +01:00
display_sec.h libcli/security: move display_sec headers to own header file and add to 2011-03-16 10:11:08 +01:00
dom_sid.c libcli/security: fix dom_sid_in_domain() 2017-04-12 01:41:14 +02:00
dom_sid.h security: Add Asserted Identity sids (S-1-18) 2016-01-15 22:19:07 +01:00
object_tree.c libcli-security: Add documentation for object_tree_modify_access 2013-01-21 22:31:20 +01:00
privileges_private.h libcli/security Move 'private' privileges functions to another header 2010-09-11 18:46:13 +10:00
privileges.c libcli: Add security_token_system_privilege(). 2013-08-06 14:41:58 +02:00
privileges.h libcli: Add security_token_system_privilege(). 2013-08-06 14:41:58 +02:00
pysecurity.c pytalloc: Use consistent prefix for functions, add ABI file. 2011-08-10 15:36:21 +02:00
sddl.c libcli: Remove code clone 2016-10-13 18:13:45 +02:00
sddl.h s4:move the sddl code down to the top level 2010-03-03 09:16:34 +01:00
secace.c lib: Remove some unused code 2015-08-14 07:46:12 +02:00
secace.h lib: Remove some unused code 2015-08-14 07:46:12 +02:00
secacl.c libcli/security: remove dup_sec_acl() 2014-05-29 01:08:25 +02:00
secacl.h libcli/security: remove dup_sec_acl() 2014-05-29 01:08:25 +02:00
secdesc.c libcli: Fix debug message, print sid string for new_ace trustee. 2016-02-16 00:55:23 +01:00
secdesc.h lib: Remove some unused code 2015-08-14 07:46:12 +02:00
security_descriptor.c libcli/security: add security_descriptor_for_client() helper function 2015-03-30 13:41:25 +02:00
security_descriptor.h libcli/security: add security_descriptor_for_client() helper function 2015-03-30 13:41:25 +02:00
security_token.c libcli/security: implement SECURITY_GUEST 2016-04-28 16:51:17 +02:00
security_token.h libcli/security: implement SECURITY_GUEST 2016-04-28 16:51:17 +02:00
security.h lib: Add required prerequisites for librpc/gen_ndr/security.h 2016-12-28 20:17:12 +01:00
session.c libcli/security: implement SECURITY_GUEST 2016-04-28 16:51:17 +02:00
session.h libcli/security: implement SECURITY_GUEST 2016-04-28 16:51:17 +02:00
util_sid.c libcli/security: add SID_NAME_LABEL to sid_type_lookup() 2017-03-23 09:01:21 +01:00
wscript_build build: rename security → samba-security 2012-08-10 14:22:20 +02:00