s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
authorJeremy Allison <jra@samba.org>
Thu, 15 Oct 2015 16:20:58 +0000 (09:20 -0700)
committerUri Simchoni <uri@samba.org>
Thu, 15 Oct 2015 17:56:14 +0000 (19:56 +0200)
Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.

Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
source3/passdb/lookup_sid.c

index 3f99ee1e4e053db928ed2a2ca48e0aa12080e76f..1ffd657a720ec094402a01034cca1cea592793f3 100644 (file)
@@ -140,7 +140,31 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
                return false;
        }
 
-       if ((domain[0] == '\0') && (!(flags & LOOKUP_NAME_ISOLATED))) {
+       /*
+        * Finally check for a well known domain name ("NT Authority"),
+        * this is taken care if in lookup_wellknown_name().
+        */
+       if ((domain[0] != '\0') &&
+           (flags & LOOKUP_NAME_WKN) &&
+           lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
+       {
+               type = SID_NAME_WKN_GRP;
+               goto ok;
+       }
+
+       /*
+        * If we're told not to look up 'isolated' names then we're
+        * done.
+        */
+       if (!(flags & LOOKUP_NAME_ISOLATED)) {
+               TALLOC_FREE(tmp_ctx);
+               return false;
+       }
+
+       /*
+        * No domain names beyond this point
+        */
+       if (domain[0] != '\0') {
                TALLOC_FREE(tmp_ctx);
                return false;
        }
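Review bot: In the new well-known-domain block, only `name` is matched by `lookup_wellknown_name()`, while the caller-supplied `domain` reaches it solely through the `&domain` in/out pointer. Whether a name qualified with some other non-empty domain is rejected therefore depends on the callee comparing that domain, which is not visible in this hunk. Because the result is a name-to-SID mapping that access-control decisions may depend on, I would state that contract at the call site, e.g. `* lookup_wellknown_name() must match the supplied domain and overwrites it on success.` The comment above the block also opens with "Finally" although the isolated-name lookups still follow, and it has a typo; `* this is taken care of in lookup_wellknown_name().` fixes the wording. lookup_name() starts before and continues past this hunk, so the `ok:` label and the later lookup steps are not shown here.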
@@ -152,6 +176,11 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
 
        /* 1. well-known names */
 
+       /*
+        * Check for well known names without a domain name.
+        * e.g. \Creator Owner.
+        */
+
        if ((flags & LOOKUP_NAME_WKN) &&
            lookup_wellknown_name(tmp_ctx, name, &sid, &domain))
        {