The branch, master has been updated
       via  ecc7022 s3-util: skip S-1-18 sids in token generaion in 
sid_array_from_info3().
       via  a924209 s3-util: add helper functions to deal with the S-1-18 
domain.
       via  cf163ac security: Add Asserted Identity sids (S-1-18)
      from  d1235c7 ldb: Fix CID 1348110 Uninitialized scalar variable

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ecc7022d7c3cd481b0caf6c9c48c72ea3e7ac822
Author: Günther Deschner <g...@samba.org>
Date:   Fri Jan 15 14:43:48 2016 +0100

    s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3().
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
    
    Guenther
    
    Signed-off-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sat Jan 16 01:24:04 CET 2016 on sn-devel-144

commit a92420911d4786e6fe58091f9641e2b193513f0c
Author: Günther Deschner <g...@samba.org>
Date:   Fri Jan 15 14:43:12 2016 +0100

    s3-util: add helper functions to deal with the S-1-18 domain.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
    
    Guenther
    
    Signed-off-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit cf163ac359ee8414dd34723bdce79c33e225d3c9
Author: Günther Deschner <g...@samba.org>
Date:   Fri Jan 15 14:46:07 2016 +0100

    security: Add Asserted Identity sids (S-1-18)
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
    
    definitions taken from [MS-DTYP]: Windows Data Types,
    2.4.2.4 Well-Known SID Structures.
    
    Guenther
    
    Signed-off-by: Günther Deschner <g...@samba.org>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/dom_sid.h                          |  3 +++
 libcli/security/util_sid.c                         |  8 ++++++
 librpc/idl/security.idl                            |  3 +++
 source3/include/proto.h                            |  5 ++++
 source3/lib/util_sid.c                             |  5 ++++
 .../winbindd_async.c => lib/util_specialsids.c}    | 30 +++++++++++++---------
 source3/wscript_build                              |  1 +
 7 files changed, 43 insertions(+), 12 deletions(-)
 copy source3/{winbindd/winbindd_async.c => lib/util_specialsids.c} (62%)


Changeset truncated at 500 lines:

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 990a4c4..bdcec94 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -36,6 +36,9 @@ extern const struct dom_sid global_sid_System;
 extern const struct dom_sid global_sid_NULL;
 extern const struct dom_sid global_sid_Authenticated_Users;
 extern const struct dom_sid global_sid_Network;
+extern const struct dom_sid global_sid_Asserted_Identity;
+extern const struct dom_sid global_sid_Asserted_Identity_Service;
+extern const struct dom_sid 
global_sid_Asserted_Identity_Authentication_Authority;
 extern const struct dom_sid global_sid_Creator_Owner;
 extern const struct dom_sid global_sid_Creator_Group;
 extern const struct dom_sid global_sid_Owner_Rights;
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 3399801..ab3018a 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -55,6 +55,14 @@ const struct dom_sid global_sid_Authenticated_Users =        
/* All authenticated rids
 const struct dom_sid global_sid_Restriced =                    /* Restriced 
Code */
 { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 #endif
+
+const struct dom_sid global_sid_Asserted_Identity =       /* Asserted Identity 
*/
+{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Asserted_Identity_Service =    /* Asserted 
Identity Service */
+{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority =   
/* Asserted Identity Authentication Authority */
+{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+
 const struct dom_sid global_sid_Network =                      /* Network rids 
*/
 { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 
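Review bot: The sub-authority values of the two new constants look swapped relative to the strings this same changeset adds to librpc/idl/security.idl. Here `global_sid_Asserted_Identity_Service` is initialised with sub-authority 1 (S-1-18-1) and `global_sid_Asserted_Identity_Authentication_Authority` with 2 (S-1-18-2), while the IDL has `SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1"` and `SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2"`. Any comparison against these globals would then treat a service-asserted identity as authentication-authority-asserted and the reverse, which matters wherever that distinction feeds an access decision. Assuming the IDL strings are the ones that follow [MS-DTYP] 2.4.2.4, the initialisers should be `{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};` for Service and `{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};` for Authentication_Authority. The filter added in this changeset compares only against `global_sid_Asserted_Identity`, so it is not affected by the swap.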
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index b78307e..f412ffe 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -285,6 +285,9 @@ interface security
        const string SID_NT_TRUSTED_INSTALLER =
                
"S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
 
+       const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = 
"S-1-18-1";
+       const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
+
        /* well-known domain RIDs */
        const int DOMAIN_RID_LOGON                   = 9;
        const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a53aabd..809cb95 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1174,6 +1174,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid 
*sid);
 const char *unix_groups_domain_name(void);
 bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
 
+/* The following definitions come from lib/util_specialsids.c  */
+bool sid_check_is_asserted_identity(const struct dom_sid *sid);
+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
+const char *asserted_identity_domain_name(void);
+
 /* The following definitions come from lib/filename_util.c */
 
 NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename 
*smb_fname,
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 4b6fb81..4d57a92 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -185,6 +185,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
          */
 
        for (i = 0; i < info3->sidcount; i++) {
+
+               if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
+                       continue;
+               }
+
                status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
                                      &sid_array, &num_sids);
                if (!NT_STATUS_IS_OK(status)) {
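Review bot: The new `continue` drops every S-1-18-* SID from the array with no comment and no log line, so nothing in the code says that the omission is deliberate. These SIDs record how the identity was asserted. If the array becomes the user's token, as the commit subject says, an ACE that names S-1-18-1 or S-1-18-2 can never match a token built here, and whoever audits this loop should be able to see that trade-off. I would add `/* Asserted Identity SIDs (S-1-18-*) are deliberately kept out of the token, see bug 11677 */` above the check, plus a debug-level log line naming the skipped SID. The loop and the rest of sid_array_from_info3() continue outside the hunk.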
diff --git a/source3/winbindd/winbindd_async.c b/source3/lib/util_specialsids.c
similarity index 62%
copy from source3/winbindd/winbindd_async.c
copy to source3/lib/util_specialsids.c
index 75dfa0e..4c402d6 100644
--- a/source3/winbindd/winbindd_async.c
+++ b/source3/lib/util_specialsids.c
@@ -1,10 +1,6 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
-
-   Async helpers for blocking functions
-
-   Copyright (C) Volker Lendecke 2005
-   Copyright (C) Gerald Carter 2006
+   Copyright (C) Guenther Deschner 2016
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,14 +17,24 @@
 */
 
 #include "includes.h"
-#include "winbindd.h"
 #include "../libcli/security/security.h"
 
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
+bool sid_check_is_asserted_identity(const struct dom_sid *sid)
+{
+       return dom_sid_equal(sid, &global_sid_Asserted_Identity);
+}
+
+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid)
+{
+       struct dom_sid dom_sid;
+
+       sid_copy(&dom_sid, sid);
+       sid_split_rid(&dom_sid, NULL);
+
+       return sid_check_is_asserted_identity(&dom_sid);
+}
 
-enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
-                                       struct winbindd_cli_state *state)
+const char *asserted_identity_domain_name(void)
 {
-       return WINBINDD_OK;
+       return "Asserted Identity";
 }
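Review bot: The return value of `sid_split_rid()` is discarded in sid_check_is_in_asserted_identity(), so a SID with no sub-authority to strip is compared as it stands. If sid_split_rid() leaves such a SID unchanged (its body is not on this page), the bare S-1-18 is itself reported as being in the domain and will be filtered by the new caller in sid_array_from_info3(). Either document that as intended or reject it with `if (!sid_split_rid(&dom_sid, NULL)) { return false; }`. The three new functions also have no header comment; one line each stating what is compared would help, e.g. `/* true if sid is S-1-18-<rid>, one level below the Asserted Identity authority */`.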
diff --git a/source3/wscript_build b/source3/wscript_build
index 9d5d0d0..b8eaeca 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -253,6 +253,7 @@ bld.SAMBA3_SUBSYSTEM('samba3util',
                    lib/recvfile.c
                    lib/time.c
                    lib/util_sid.c
+                   lib/util_specialsids.c
                    lib/util_file.c
                    lib/util.c
                    lib/util_path.c


-- 
Samba Shared Repository
