The branch, master has been updated via ecc7022 s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3(). via a924209 s3-util: add helper functions to deal with the S-1-18 domain. via cf163ac security: Add Asserted Identity sids (S-1-18) from d1235c7 ldb: Fix CID 1348110 Uninitialized scalar variable
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ecc7022d7c3cd481b0caf6c9c48c72ea3e7ac822 Author: Günther Deschner <g...@samba.org> Date: Fri Jan 15 14:43:48 2016 +0100 s3-util: skip S-1-18 sids in token generaion in sid_array_from_info3(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 Guenther Signed-off-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Sat Jan 16 01:24:04 CET 2016 on sn-devel-144 commit a92420911d4786e6fe58091f9641e2b193513f0c Author: Günther Deschner <g...@samba.org> Date: Fri Jan 15 14:43:12 2016 +0100 s3-util: add helper functions to deal with the S-1-18 domain. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 Guenther Signed-off-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit cf163ac359ee8414dd34723bdce79c33e225d3c9 Author: Günther Deschner <g...@samba.org> Date: Fri Jan 15 14:46:07 2016 +0100 security: Add Asserted Identity sids (S-1-18) Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 definitions taken from [MS-DTYP]: Windows Data Types, 2.4.2.4 Well-Known SID Structures. Guenther 
Signed-off-by: Günther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: libcli/security/dom_sid.h | 3 +++ libcli/security/util_sid.c | 8 ++++++ librpc/idl/security.idl | 3 +++ source3/include/proto.h | 5 ++++ source3/lib/util_sid.c | 5 ++++ .../winbindd_async.c => lib/util_specialsids.c} | 30 +++++++++++++--------- source3/wscript_build | 1 + 7 files changed, 43 insertions(+), 12 deletions(-) copy source3/{winbindd/winbindd_async.c => lib/util_specialsids.c} (62%) Changeset truncated at 500 lines: diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index 990a4c4..bdcec94 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -36,6 +36,9 @@ extern const struct dom_sid global_sid_System; extern const struct dom_sid global_sid_NULL; extern const struct dom_sid global_sid_Authenticated_Users; extern const struct dom_sid global_sid_Network; +extern const struct dom_sid global_sid_Asserted_Identity; +extern const struct dom_sid global_sid_Asserted_Identity_Service; +extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority; extern const struct dom_sid global_sid_Creator_Owner; extern const struct dom_sid global_sid_Creator_Group; extern const struct dom_sid global_sid_Owner_Rights; diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c index 3399801..ab3018a 100644 --- a/libcli/security/util_sid.c +++ b/libcli/security/util_sid.c 
@@ -55,6 +55,14 @@ const struct dom_sid global_sid_Authenticated_Users = /* All authenticated rids const struct dom_sid global_sid_Restriced = /* Restriced Code */ { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; #endif + +const struct dom_sid global_sid_Asserted_Identity = /* Asserted Identity */ +{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; +const struct dom_sid global_sid_Asserted_Identity_Service = /* Asserted Identity Service */ +{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; +const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority = /* Asserted Identity Authentication Authority */ +{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; + const struct dom_sid global_sid_Network = /* Network rids */ { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}}; diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index b78307e..f412ffe 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -285,6 +285,9 @@ interface security const string SID_NT_TRUSTED_INSTALLER = "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"; + const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1"; + const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2"; + /* well-known domain RIDs */ const int DOMAIN_RID_LOGON = 9; const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498; diff --git a/source3/include/proto.h b/source3/include/proto.h index a53aabd..809cb95 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
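Review bot: The sub-authority values in the new `global_sid_Asserted_Identity_Service` and `global_sid_Asserted_Identity_Authentication_Authority` initializers disagree with the string constants added in the librpc/idl/security.idl hunk that follows. The C table gives Service the value 1 and Authentication Authority the value 2, while the IDL defines `SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1"` and `SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2"`. The IDL strings agree with the [MS-DTYP] 2.4.2.4 table cited in the commit message, so the C initializers look swapped: `global_sid_Asserted_Identity_Service` should carry `{2,0,...}` and `global_sid_Asserted_Identity_Authentication_Authority` should carry `{1,0,...}`. Nothing visible in this changeset compares against the two leaf SIDs yet, but a later access check that separates a service-asserted identity from one proven to an authentication authority would test the wrong SID.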
@@ -1174,6 +1174,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid); const char *unix_groups_domain_name(void); bool lookup_unix_group_name(const char *name, struct dom_sid *sid); +/* The following definitions come from lib/util_specialsids.c */ +bool sid_check_is_asserted_identity(const struct dom_sid *sid); +bool sid_check_is_in_asserted_identity(const struct dom_sid *sid); +const char *asserted_identity_domain_name(void); + /* The following definitions come from lib/filename_util.c */ NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname, diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 4b6fb81..4d57a92 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -185,6 +185,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, */ for (i = 0; i < info3->sidcount; i++) { + + if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) { + continue; + } + status = add_sid_to_array(mem_ctx, info3->sids[i].sid, &sid_array, &num_sids); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/winbindd/winbindd_async.c b/source3/lib/util_specialsids.c similarity index 62% copy from source3/winbindd/winbindd_async.c copy to source3/lib/util_specialsids.c index 75dfa0e..4c402d6 100644 --- a/source3/winbindd/winbindd_async.c +++ b/source3/lib/util_specialsids.c @@ -1,10 +1,6 @@ -/* +/* Unix SMB/CIFS implementation. - - Async helpers for blocking functions - - Copyright (C) Volker Lendecke 2005 - Copyright (C) Gerald Carter 2006 + Copyright (C) Guenther Deschner 2016 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
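Review bot: The new `continue` in the `info3->sids[i]` loop of source3/lib/util_sid.c drops every S-1-18-* SID from the array with no comment or debug message, so the call site neither explains the skip nor records it. Since these SIDs never reach the array built here, an ACE naming S-1-18-1 or S-1-18-2 (allow or deny) presumably cannot match for a token derived from it. If that is intended, say so with a comment such as `/* Asserted Identity (S-1-18-*) SIDs are deliberately not added to the token, see bug 11677 */` and a high-level debug line naming the skipped SID. sid_array_from_info3() begins and ends outside this hunk, so whether `info3->sids[i].sid` can be NULL when it is handed to the new helper is not visible here and should be confirmed.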
@@ -21,14 +17,24 @@ */ #include "includes.h" -#include "winbindd.h" #include "../libcli/security/security.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND +bool sid_check_is_asserted_identity(const struct dom_sid *sid) +{ + return dom_sid_equal(sid, &global_sid_Asserted_Identity); +} + +bool sid_check_is_in_asserted_identity(const struct dom_sid *sid) +{ + struct dom_sid dom_sid; + + sid_copy(&dom_sid, sid); + sid_split_rid(&dom_sid, NULL); + + return sid_check_is_asserted_identity(&dom_sid); +} -enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain, - struct winbindd_cli_state *state) +const char *asserted_identity_domain_name(void) { - return WINBINDD_OK; + return "Asserted Identity"; } diff --git a/source3/wscript_build b/source3/wscript_build index 9d5d0d0..b8eaeca 100755 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -253,6 +253,7 @@ bld.SAMBA3_SUBSYSTEM('samba3util', lib/recvfile.c lib/time.c lib/util_sid.c + lib/util_specialsids.c lib/util_file.c lib/util.c lib/util_path.c -- Samba Shared Repository
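Review bot: `sid_check_is_in_asserted_identity()` discards the result of `sid_split_rid()`, so a SID with no sub-authority to strip is compared unchanged. Assuming `sid_split_rid()` reports failure in that case, the bare S-1-18 SID (which `global_sid_Asserted_Identity` defines with `num_auths` 0) would be reported as being in the domain rather than being the domain. Checking the call with `if (!sid_split_rid(&dom_sid, NULL)) { return false; }` keeps the "is" and "is in" helpers distinct. The helper also passes `sid` straight to `sid_copy()`, so it relies on callers never passing NULL. A one-line comment above each of the three functions, stating that contract and that S-1-18 is the Asserted Identity authority from [MS-DTYP], would help, since the new file documents none of them.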