diff options
author | Jeremy Allison <jra@samba.org> | 2015-10-15 09:20:58 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2015-10-20 08:48:17 +0200 |
commit | 60ea0df0887e686653d4ec944e070bc8be3eaa28 (patch) | |
tree | fb93b61b3df24c566fb3744338c5c9455fb8a0cf /source3/passdb/lookup_sid.c | |
parent | 9f4f2af72056f7cc96bff45f9baa9f5a0202abf5 (diff) | |
download | samba-60ea0df0887e686653d4ec944e070bc8be3eaa28.tar.gz |
s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.
Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1)
Diffstat (limited to 'source3/passdb/lookup_sid.c')
-rw-r--r-- | source3/passdb/lookup_sid.c | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 3f99ee1e4e0..1ffd657a720 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -140,7 +140,31 @@ bool lookup_name(TALLOC_CTX *mem_ctx, return false; } - if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) { + /* + * Finally check for a well known domain name ("NT Authority"), + * this is taken care if in lookup_wellknown_name(). + */ + if ((domain[0] != '\0') && + (flags & LOOKUP_NAME_WKN) && + lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) + { + type = SID_NAME_WKN_GRP; + goto ok; + } + + /* + * If we're told not to look up 'isolated' names then we're + * done. + */ + if (!(flags & LOOKUP_NAME_ISOLATED)) { + TALLOC_FREE(tmp_ctx); + return false; + } + + /* + * No domain names beyond this point + */ + if (domain[0] != '\0') { TALLOC_FREE(tmp_ctx); return false; } @@ -152,6 +176,11 @@ bool lookup_name(TALLOC_CTX *mem_ctx, /* 1. well-known names */ + /* + * Check for well known names without a domain name. + * e.g. \Creator Owner. + */ + if ((flags & LOOKUP_NAME_WKN) && lookup_wellknown_name(tmp_ctx, name, &sid, &domain)) { |