author | Ralph Boehme <slow@samba.org> | 2017-04-10 16:14:45 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2017-04-12 01:41:14 +0200 |
commit | a58b54a33435d26e9fe226d3d72e4392747aeedd (patch) | |
tree | fdbd8c397aa2bc24c3912e1c8041b299c7dfbb06 /libcli | |
parent | 26661218b3d3f0d4ee89039727bc110e972c2851 (diff) | |
download | samba-a58b54a33435d26e9fe226d3d72e4392747aeedd.tar.gz |
libcli/security: fix dom_sid_in_domain()
Ensure the SID has exactly one component more than the domain SID, e.g.
Domain SID: S-1-5-21-1-2-3
SID: S-1-5-21-1-2-3-4
This will return true. If the SID has more components, eg
SID: S-1-5-21-1-2-3-4-5, or
SID: S-1-5-21-1-2-3-4-5-6-7-8
dom_sid_in_domain() must return false.
This was verified against Windows:
lsa_LookupSids: struct lsa_LookupSids
out: struct lsa_LookupSids
domains : *
domains : *
domains: struct lsa_RefDomainList
count : 0x00000002 (2)
domains : *
domains: ARRAY(2)
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'BUILTIN'
sid : *
sid : S-1-5-32
domains: struct lsa_DomainInfo
name: struct lsa_StringLarge
length : 0x0012 (18)
size : 0x0014 (20)
string : *
string : 'W4EDOM-L4'
sid : *
sid : S-1-5-21-278041429-3399921908-1452754838
max_size : 0x00000020 (32)
names : *
names: struct lsa_TransNameArray
count : 0x00000004 (4)
names : *
names: ARRAY(4)
names: struct lsa_TranslatedName
sid_type : SID_NAME_USER (1)
name: struct lsa_String
length : 0x001a (26)
size : 0x001a (26)
string : *
string : 'Administrator'
sid_index : 0x00000001 (1)
names: struct lsa_TranslatedName
sid_type : SID_NAME_UNKNOWN (8)
name: struct lsa_String
length : 0x005c (92)
size : 0x005e (94)
string : *
string : 'S-1-5-21-278041429-3399921908-1452754838-500-1'
sid_index : 0xffffffff (4294967295)
names: struct lsa_TranslatedName
sid_type : SID_NAME_ALIAS (4)
name: struct lsa_String
length : 0x001c (28)
size : 0x001c (28)
string : *
string : 'Administrators'
sid_index : 0x00000000 (0)
names: struct lsa_TranslatedName
sid_type : SID_NAME_UNKNOWN (8)
name: struct lsa_String
length : 0x001c (28)
size : 0x001e (30)
string : *
string : 'S-1-5-32-544-9'
sid_index : 0xffffffff (4294967295)
count : *
count : 0x00000002 (2)
result : STATUS_SOME_UNMAPPED
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/security/dom_sid.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 5454c514c94..e6beff1a399 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -341,7 +341,11 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
 return false;
 }
 
- if (domain_sid->num_auths > sid->num_auths) {
+ if (sid->num_auths < 2) {
+ return false;
+ }
+
+ if (domain_sid->num_auths != (sid->num_auths - 1)) {
 return false;
 }
 
|
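Review bot: The exact-length rule enforced by the new `domain_sid->num_auths != (sid->num_auths - 1)` test is explained only in the commit message, so nothing in the code stops a later reader from relaxing it back to a prefix comparison. Callers presumably use this result for domain-membership decisions, so I would add a comment above the `sid->num_auths < 2` check, for example `/* sid must be domain_sid plus exactly one RID; longer SIDs are not in the domain (matches Windows LookupSids) */`. The `< 2` guard also means a domain_sid with zero sub-authorities can never match; that looks intentional, but the same comment should say so. The function begins before and continues after this hunk, so the sub-authority comparison that follows is not visible here.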