author | Ralph Boehme <slow@samba.org> | 2015-10-15 12:35:26 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2015-10-20 08:48:17 +0200 |
commit | 9f4f2af72056f7cc96bff45f9baa9f5a0202abf5 (patch) | |
tree | 2e0cac89f74d8161d3cc4a7ef9c4ed8e913e33d8 | |
parent | a83021fe900dbda5058f9a5f2f8c3dd8cd9f04db (diff) | |
download | samba-9f4f2af72056f7cc96bff45f9baa9f5a0202abf5.tar.gz |
s3:lib: validate domain name in lookup_wellknown_name()
If domain argument is not an empty string, only search the matching
wellknown domain name.
As the only wellknown domain with a name is "NT Authority", passing ""
to lookup_wellknown_name() will search all domains including "NT
Authority".
Passing "NT Authority" otoh will obviously only search that domain.
This change makes lookup_wellknown_name() behave like this:
in domain | in name | ok | out sid | out domain
========================================================
Dialup + S-1-5-1 NT Authority
NT Authority Dialup + S-1-5-1 NT Authority
Creator Authority Dialup - - -
Creator Owner + S-1-3-0 ""
Creator Authority Creator Owner - - -
NT Authority Creator Owner - - -
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d)
-rw-r--r-- | source3/lib/util_wellknown.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/source3/lib/util_wellknown.c b/source3/lib/util_wellknown.c
index 0f627d1443c..a3db9ab5b44 100644
--- a/source3/lib/util_wellknown.c
+++ b/source3/lib/util_wellknown.c
@@ -154,16 +154,23 @@ bool lookup_wellknown_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 ***************************************************************************/ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
- struct dom_sid *sid, const char **domain)
+ struct dom_sid *sid, const char **pdomain)
 { int i, j;
+ const char *domain = *pdomain;
- DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name));
+ DEBUG(10,("map_name_to_wellknown_sid: looking up %s\\%s\n", domain, name));
 for (i=0; special_domains[i].sid != NULL; i++) { const struct rid_name_map *users = special_domains[i].known_users;
+ if (domain[0] != '\0') {
+ if (!strequal(domain, special_domains[i].name)) {
+ continue;
+ }
+ }
+
 if (users == NULL) continue;
@@ -171,7 +178,7 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
 if ( strequal(users[j].name, name) ) { sid_compose(sid, special_domains[i].sid, users[j].rid);
- *domain = talloc_strdup(
+ *pdomain = talloc_strdup(
 mem_ctx, special_domains[i].name); return True; } |
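Review bot: `*pdomain` is now read at the top of lookup_wellknown_name() (`const char *domain = *pdomain;`, then `domain[0]` and the `%s` in DEBUG), but nothing in the first hunk checks it for NULL, and before this change the parameter was only written. Any caller that still passes a NULL or uninitialized `*pdomain` would now hit undefined behaviour in a name-lookup path; the callers are outside this diff, so each one needs checking. Treating NULL as the empty domain would keep the old search-all behaviour for such callers: `const char *domain = (*pdomain != NULL) ? *pdomain : "";`. The comment block above the function should also say that pdomain is now in/out, with "" meaning search every well-known domain. The function body continues past the end of the first hunk, and the second hunk is only the matching rename.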