The branch, v4-9-stable has been updated via f1a0c8355e6 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release. via 9da8cd023f2 WHATSNEW: Add release notes for Samba 4.9.4. via d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name via fa2a9c3be08 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() via baf1e0f30fe s3:smbd: add twrp args to filename_convert() via f8c144fa191 s3:smbd: add twrp processing to filename_convert_internal() via 88863119323 s3:smbd: prepare filename_convert_internal() for twrp via 3295cc8b4a5 s3:selftest: add a VSS test reading a stream via 1f897e6c1d2 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. via e60c9431c6e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing via 256d488b593 vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted via 0e355e3826f vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() via 0244de24cfe s3:script/tests: add a test for VSS write behaviour via 6f8ea0a08ea s4:torture: add a test-suite for VSS via 1cf55de5ceb vfs_error_inject: add EBADF error via 8eaf7922410 vfs_error_inject: add pwrite via f53459c9232 s3:libads: Add net ads leave keep-account option via 1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN domain child via ac2c24cc424 winbindd: fix predefined domains routing in find_lookup_domain_from_sid() via fd91429b529 winbindd: add some braces via cf7e9d3d90f libcli/security: add dom_sid_lookup_is_predefined_domain() via 7cc1a8d9caa selftest: test wbinfo -n and --gid-info with "NT Authority" via 53b2e9aff3a CVE-2018-14629 dns: fix CNAME loop prevention using counter regression via 850a5521a3b CVE-2018-14629: Tests to expose regression from dns cname loop fix via 6a549df2419 ctdb-daemon: Exit with error if a database directory does not exist via b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case via a26e6160b33 CVE-2018-16853: Do not segfault if client is not set via a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash via 09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS via d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch via 2332c99cba7 libcli/smb: don't overwrite status code via 739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works via f678c6f06f0 ldb_controls: Add some talloc error checking for controls via f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation via 517df6d3da3 dirsync: Allow arbitrary length cookies via a816ca4004a PEP8: fix E231: missing whitespace after ',' via b3d376b7d4d VERSION: Bump version up to 4.9.4. via 9e05ff6b9bf Merge tag 'samba-4.9.3' into v4-9-test via 7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks via 041e0945cb5 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd via 77cf7167374 s4:torture/smb2/session: session reauth response must be signed via f2c456aa1b7 s4:torture/smb2/session: add force_signing to test_session_expire1i via 2b164eca304 s4:torture/smb2/session: require a signed session setup reauth response via ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache via 6c3577a5885 libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() via 6ca7a8a2ffb libcli/smb: defer singing check a little bit via cd8ea322a32 libcli/smb: maintain require_signed_response in smbXcli_req_state via 4f5af7ba729 libcli/smb: add smb2cli_session_require_signed_response() via 052df0f679d s3:selftest: also run smb2.session torture testsuite against ad_member via e71252ecb2b s3:selftest: split "raw.session" and "smb2.session" via 299e6edd0e6 torture: Fix the 32-bit build via 5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream via 4672656d9e1 vfs_fruit: move a comment to the right place via b6585b6fa67 s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream via 7f8740c0acf winbindd: Fix crash when taking profiles via 7a542190501 lib:util: Fix DEBUGCLASS pointer initializiation via 424d4d2b408 VERSION: Bump version up to 4.9.3... from 40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 83 +++++- ctdb/server/ctdbd.c | 20 ++ ctdb/tests/simple/90_debug_hung_script.sh | 17 +- docs-xml/manpages/net.8.xml | 9 +- lib/ldb/common/ldb_controls.c | 108 +++++++- lib/util/debug.c | 4 +- libcli/security/dom_sid.h | 1 + libcli/security/util_sid.c | 33 +++ libcli/smb/smbXcli_base.c | 49 +++- libcli/smb/smbXcli_base.h | 2 + nsswitch/tests/test_wbinfo.sh | 18 ++ python/samba/netcmd/user.py | 9 +- python/samba/tests/dns.py | 101 +++++++ selftest/knownfail.d/dns | 14 +- selftest/target/Samba3.pm | 9 + source3/libnet/libnet_join.c | 2 + source3/modules/vfs_error_inject.c | 19 ++ source3/modules/vfs_fruit.c | 86 ++++-- source3/modules/vfs_glusterfs.c | 176 ++++++++++-- source3/modules/vfs_shadow_copy2.c | 230 ++++++++++++++-- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 2 + source3/script/tests/test_shadow_copy_torture.sh | 114 ++++++++ source3/selftest/tests.py | 9 +- source3/smbd/filename.c | 32 ++- source3/smbd/nttrans.c | 4 + source3/smbd/open.c | 1 + source3/smbd/proto.h | 1 + source3/smbd/reply.c | 15 + source3/smbd/smb2_create.c | 30 +- source3/smbd/smb2_query_directory.c | 1 + source3/smbd/smb2_sesssetup.c | 8 +- source3/smbd/trans2.c | 8 + source3/utils/net.c | 3 +- source3/utils/net.h | 1 + source3/utils/net_ads.c | 9 +- source3/winbindd/winbindd.c | 3 +- source3/winbindd/winbindd_util.c | 37 ++- source4/dns_server/dns_query.c | 29 +- source4/kdc/mit-kdb/kdb_samba_policies.c | 24 +- source4/kdc/mit_samba.c | 7 +- source4/torture/smb2/create.c | 174 ++++++++++++ source4/torture/smb2/session.c | 141 +++++++++- source4/torture/smb2/smb2.c | 1 + source4/torture/vfs/fruit.c | 336 +++++++++++++++++++++++ testprogs/blackbox/test_kinit_mit.sh | 20 +- 46 files changed, 1832 insertions(+), 170 deletions(-) create mode 100755 source3/script/tests/test_shadow_copy_torture.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 808d4f3a318..7efe718ebbf 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 ######################################################## # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index fc1541dbbe5..b3a39d3291a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,82 @@ + ============================= + Release Notes for Samba 4.9.4 + December 20, 2018 + ============================= + + +Major bug fixes include: +------------------------ + + o dns: Fix CNAME loop prevention using counter regression (bug #13600). + + +Changes since 4.9.3: +-------------------- + +o Ralph Boehme <s...@samba.org> + * BUG 9175: libcli/smb: Don't overwrite status code. + * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work. + * BUG 13661: Session setup reauth fails to sign response. + * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream. + * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous + version for writing. + * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails + with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name. + +o Isaac Boukris <ibouk...@gmail.com> + * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. + +o Günther Deschner <g...@samba.org> + * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. + +o Joe Guo <j...@catalyst.net.nz> + * PEP8: fix E231: missing whitespace after ','. + +o Volker Lendecke <v...@samba.org> + * BUG 13629: winbindd: Fix crash when taking profiles. + +o Stefan Metzmacher <me...@samba.org> + * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter + regression. + +o Garming Sam <garm...@catalyst.net.nz> + * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. + +o Andreas Schneider <a...@samba.org> + * BUG 13571: CVE-2018-16853: Do not segfault if client is not set. + * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation. + +o Martin Schwenke <mar...@meltin.net> + * BUG 13696: ctdb-daemon: Exit with error if a database directory does not + exist. + +o Justin Stephenson <jstep...@redhat.com> + * BUG 13498: s3:libads: Add net ads leave keep-account option. + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + ============================= Release Notes for Samba 4.9.3 November 27, 2018 @@ -122,8 +201,8 @@ database (https://bugzilla.samba.org/). ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- + ============================= Release Notes for Samba 4.9.2 diff --git a/ctdb/server/ctdbd.c b/ctdb/server/ctdbd.c index 721347c4733..45519a7fc3d 100644 --- a/ctdb/server/ctdbd.c +++ b/ctdb/server/ctdbd.c @@ -299,8 +299,28 @@ int main(int argc, const char *argv[]) */ ctdb->db_directory = ctdb_config.dbdir_volatile; + ok = directory_exist(ctdb->db_directory); + if (! ok) { + D_ERR("Volatile database directory %s does not exist\n", + ctdb->db_directory); + goto fail; + } + ctdb->db_directory_persistent = ctdb_config.dbdir_persistent; + ok = directory_exist(ctdb->db_directory_persistent); + if (! ok) { + D_ERR("Persistent database directory %s does not exist\n", + ctdb->db_directory_persistent); + goto fail; + } + ctdb->db_directory_state = ctdb_config.dbdir_state; + ok = directory_exist(ctdb->db_directory_state); + if (! ok) { + D_ERR("State database directory %s does not exist\n", + ctdb->db_directory_state); + goto fail; + } if (ctdb_config.lock_debug_script != NULL) { ret = setenv("CTDB_DEBUG_LOCKS", diff --git a/ctdb/tests/simple/90_debug_hung_script.sh b/ctdb/tests/simple/90_debug_hung_script.sh index 846188fc716..8b8e22b3239 100755 --- a/ctdb/tests/simple/90_debug_hung_script.sh +++ b/ctdb/tests/simple/90_debug_hung_script.sh @@ -61,9 +61,21 @@ wait_until 60 onnode $test_node test -s "$debug_output" echo "Checking output of hung script debugging..." try_command_on_node -v $test_node cat "$debug_output" +hung_script_output="$out" + +# Can we actually read kernel stacks +if try_command_on_node $test_node "cat /proc/$$/stack >/dev/null 2>&1" ; then + stackpat=' +---- Stack trace of interesting process [0-9]*\\[sleep\\] ---- +[<[0-9a-f]*>] .*sleep+.* +' +else + stackpat='' +fi while IFS="" read pattern ; do - if grep -- "^${pattern}\$" <<<"$out" >/dev/null ; then + [ -n "$pattern" ] || continue + if grep -- "^${pattern}\$" <<<"$hung_script_output" >/dev/null ; then printf 'GOOD: output contains "%s"\n' "$pattern" else printf 'BAD: output does not contain "%s"\n' "$pattern" @@ -75,8 +87,7 @@ done <<EOF pstree -p -a .*: 00\\\\.test\\\\.script,.* *\`-sleep,.* ----- Stack trace of interesting process [0-9]*\\\\[sleep\\\\] ---- -[<[0-9a-f]*>] .*sleep+.* +${stackpat} ---- ctdb scriptstatus monitor: ---- 00\\.test *TIMEDOUT.* *OUTPUT: Sleeping for [0-9]* seconds\\\\.\\\\.\\\\. diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index 3154ee5ff85..d2bcd24c502 100644 --- a/docs-xml/manpages/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -377,6 +377,13 @@ </para></listitem> </varlistentry> + <varlistentry> + <term>--keep-account</term> + <listitem><para>Prevent the machine account removal as + part of "net ads leave". + </para></listitem> + </varlistentry> + &stdarg.encrypt; &popt.common.samba.client; @@ -1276,7 +1283,7 @@ against an NT4 Domain Controller. </refsect2> <refsect2> -<title>ADS LEAVE</title> +<title>ADS LEAVE [--keep-account]</title> <para>Make the remote host leave the domain it is part of. </para> diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c index a83768a352c..e0f0eb48f3a 100644 --- a/lib/ldb/common/ldb_controls.c +++ b/lib/ldb/common/ldb_controls.c @@ -520,6 +520,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->ctxid_len); if (control->contextId == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -534,13 +535,20 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_NAME) == 0) { struct ldb_dirsync_control *control; const char *p; - char cookie[1024]; + char *cookie = NULL; int crit, max_attrs, ret; uint32_t flags; - cookie[0] = '\0'; + cookie = talloc_zero_array(ctrl, char, + strlen(control_strings) + 1); + if (cookie == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_NAME)]); - ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); + ret = sscanf(p, "%d:%u:%d:%[^$]", &crit, &flags, &max_attrs, cookie); if ((ret < 3) || (crit < 0) || (crit > 1) || (max_attrs < 0)) { ldb_set_errstring(ldb, @@ -561,6 +569,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_DIRSYNC_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_dirsync_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->flags = flags; control->max_attributes = max_attrs; if (*cookie) { @@ -575,6 +588,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len); if (control->cookie == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -582,17 +596,25 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie_len = 0; } ctrl->data = control; + TALLOC_FREE(cookie); return ctrl; } if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_EX_NAME) == 0) { struct ldb_dirsync_control *control; const char *p; - char cookie[1024]; + char *cookie = NULL; int crit, max_attrs, ret; uint32_t flags; - cookie[0] = '\0'; + cookie = talloc_zero_array(ctrl, char, + strlen(control_strings) + 1); + if (cookie == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_EX_NAME)]); ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie); @@ -615,6 +637,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_DIRSYNC_EX_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_dirsync_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->flags = flags; control->max_attributes = max_attrs; if (*cookie) { @@ -630,6 +657,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len); if (control->cookie == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -637,6 +665,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie_len = 0; } ctrl->data = control; + TALLOC_FREE(cookie); return ctrl; } @@ -662,6 +691,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_ASQ_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_asq_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->request = 1; control->source_attribute = talloc_strdup(control, attr); control->src_attr_len = strlen(attr); @@ -693,6 +727,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control = NULL; } else { control = talloc(ctrl, struct ldb_extended_dn_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } control->type = type; } @@ -723,6 +762,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_SD_FLAGS_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_sd_flags_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->secinfo_flags = secinfo_flags; ctrl->data = control; @@ -749,6 +794,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_SEARCH_OPTIONS_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_search_options_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->search_options = search_options; ctrl->data = control; @@ -865,6 +916,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_PAGED_RESULTS_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_paged_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->size = size; if (cookie[0] != '\0') { int len = ldb_base64_decode(cookie); @@ -879,6 +936,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO control->cookie = talloc_memdup(control, cookie, control->cookie_len); if (control->cookie == NULL) { ldb_oom(ldb); + talloc_free(ctrl); return NULL; } } else { @@ -912,12 +970,36 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_SERVER_SORT_OID; ctrl->critical = crit; control = talloc_array(ctrl, struct ldb_server_sort_control *, 2); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control[0] = talloc(control, struct ldb_server_sort_control); + if (control[0] == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control[0]->attributeName = talloc_strdup(control, attr); - if (rule[0]) + if (control[0]->attributeName == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + + if (rule[0]) { control[0]->orderingRule = talloc_strdup(control, rule); - else + if (control[0]->orderingRule == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + } else { control[0]->orderingRule = NULL; + } control[0]->reverse = rev; control[1] = NULL; ctrl->data = control; @@ -1179,7 +1261,19 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID; ctrl->critical = crit; control = talloc(ctrl, struct ldb_verify_name_control); + if (control == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->gc = talloc_strdup(control, gc); + if (control->gc == NULL) { + ldb_oom(ldb); + talloc_free(ctrl); + return NULL; + } + control->gc_len = strlen(gc); control->flags = flags; ctrl->data = control; diff --git a/lib/util/debug.c b/lib/util/debug.c index d41e0f99c77..847ec1f0a0c 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -557,10 +557,10 @@ static const char *default_classname_table[] = { * This is to allow reading of DEBUGLEVEL_CLASS before the debug * system has been initialized. */ -static const int debug_class_list_initial[ARRAY_SIZE(default_classname_table)]; +static int debug_class_list_initial[ARRAY_SIZE(default_classname_table)]; static size_t debug_num_classes = 0; -int *DEBUGLEVEL_CLASS = discard_const_p(int, debug_class_list_initial); +int *DEBUGLEVEL_CLASS = debug_class_list_initial; /* -------------------------------------------------------------------------- ** diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index d9f4b3fc8a6..491fc0699f4 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -74,6 +74,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid, enum lsa_SidType *type, const struct dom_sid **authority_sid, const char **authority_name); +bool dom_sid_lookup_is_predefined_domain(const char *domain); int dom_sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2); diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c index af04dff1325..531d3809565 100644 --- a/libcli/security/util_sid.c +++ b/libcli/security/util_sid.c @@ -879,6 +879,39 @@ NTSTATUS dom_sid_lookup_predefined_name(const char *name, return NT_STATUS_NONE_MAPPED; } +bool dom_sid_lookup_is_predefined_domain(const char *domain) +{ + size_t di; + bool match; + + if (domain == NULL) { + domain = ""; + } + + match = strequal(domain, ""); + if (match) { + /* + * Strange, but that's what W2012R2 does. -- Samba Shared Repository