+++ /dev/null
-From ed26d110b814e2cf0413bd9665bd08bda271ba01 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 15 Jan 2016 14:46:07 +0100
-Subject: [PATCH 1/3] security: Add Asserted Identity sids (S-1-18)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
-
-definitions taken from [MS-DTYP]: Windows Data Types,
-2.4.2.4 Well-Known SID Structures.
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- libcli/security/dom_sid.h | 3 +++
- libcli/security/util_sid.c | 8 ++++++++
- librpc/idl/security.idl | 3 +++
- 3 files changed, 14 insertions(+)
-
-diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
-index 04571c2..503b621 100644
---- a/libcli/security/dom_sid.h
-+++ b/libcli/security/dom_sid.h
-@@ -35,6 +35,9 @@ extern const struct dom_sid global_sid_System;
- extern const struct dom_sid global_sid_NULL;
- extern const struct dom_sid global_sid_Authenticated_Users;
- extern const struct dom_sid global_sid_Network;
-+extern const struct dom_sid global_sid_Asserted_Identity;
-+extern const struct dom_sid global_sid_Asserted_Identity_Service;
-+extern const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority;
- extern const struct dom_sid global_sid_Creator_Owner;
- extern const struct dom_sid global_sid_Creator_Group;
- extern const struct dom_sid global_sid_Anonymous;
-diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
-index cf1f7f3..5a41ef7 100644
---- a/libcli/security/util_sid.c
-+++ b/libcli/security/util_sid.c
-@@ -53,6 +53,14 @@ const struct dom_sid global_sid_Authenticated_Users = /* All authenticated rids
- const struct dom_sid global_sid_Restriced = /* Restriced Code */
- { 1, 1, {0,0,0,0,0,5}, {12,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
- #endif
-+
-+const struct dom_sid global_sid_Asserted_Identity = /* Asserted Identity */
-+{ 1, 0, {0,0,0,0,0,18}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+const struct dom_sid global_sid_Asserted_Identity_Service = /* Asserted Identity Service */
-+{ 1, 1, {0,0,0,0,0,18}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+const struct dom_sid global_sid_Asserted_Identity_Authentication_Authority = /* Asserted Identity Authentication Authority */
-+{ 1, 1, {0,0,0,0,0,18}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-+
- const struct dom_sid global_sid_Network = /* Network rids */
- { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
-
-diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
-index 0ea79a3..7df773e 100644
---- a/librpc/idl/security.idl
-+++ b/librpc/idl/security.idl
-@@ -277,6 +277,9 @@ interface security
- const string SID_NT_TRUSTED_INSTALLER =
- "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464";
-
-+ const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1";
-+ const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2";
-+
- /* well-known domain RIDs */
- const int DOMAIN_RID_LOGON = 9;
- const int DOMAIN_RID_ENTERPRISE_READONLY_DCS = 498;
---
-2.5.0
-
-
-From be247c05146c45bcea5c06a38ff07e8f0c934ab6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 15 Jan 2016 14:43:12 +0100
-Subject: [PATCH 2/3] s3-util: add helper functions to deal with the S-1-18
- domain.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/Makefile.in | 2 +-
- source3/include/proto.h | 5 +++++
- source3/lib/util_specialsids.c | 40 ++++++++++++++++++++++++++++++++++++++++
- source3/wscript_build | 1 +
- 4 files changed, 47 insertions(+), 1 deletion(-)
- create mode 100644 source3/lib/util_specialsids.c
-
-diff --git a/source3/Makefile.in b/source3/Makefile.in
-index 9e8e03d..8df2bff 100644
---- a/source3/Makefile.in
-+++ b/source3/Makefile.in
-@@ -456,7 +456,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
- lib/access.o lib/smbrun.o \
- lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \
- lib/wins_srv.o \
-- lib/util_str.o lib/clobber.o lib/util_sid.o \
-+ lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_specialsids.o \
- lib/util_unistr.o ../lib/util/charset/codepoints.o lib/util_file.o \
- lib/util.o lib/util_cmdline.o lib/util_names.o \
- lib/util_sock.o lib/sock_exec.o lib/util_sec.o \
-diff --git a/source3/include/proto.h b/source3/include/proto.h
-index 7303e76..8cd162b 100644
---- a/source3/include/proto.h
-+++ b/source3/include/proto.h
-@@ -1937,6 +1937,11 @@ bool sid_check_is_in_unix_groups(const struct dom_sid *sid);
- const char *unix_groups_domain_name(void);
- bool lookup_unix_group_name(const char *name, struct dom_sid *sid);
-
-+/* The following definitions come from lib/util_specialsids.c */
-+bool sid_check_is_asserted_identity(const struct dom_sid *sid);
-+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid);
-+const char *asserted_identity_domain_name(void);
-+
- /* The following definitions come from lib/filename_util.c */
-
- NTSTATUS get_full_smb_filename(TALLOC_CTX *ctx, const struct smb_filename *smb_fname,
-diff --git a/source3/lib/util_specialsids.c b/source3/lib/util_specialsids.c
-new file mode 100644
-index 0000000..4c402d6
---- /dev/null
-+++ b/source3/lib/util_specialsids.c
-@@ -0,0 +1,40 @@
-+/*
-+ Unix SMB/CIFS implementation.
-+ Copyright (C) Guenther Deschner 2016
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "includes.h"
-+#include "../libcli/security/security.h"
-+
-+bool sid_check_is_asserted_identity(const struct dom_sid *sid)
-+{
-+ return dom_sid_equal(sid, &global_sid_Asserted_Identity);
-+}
-+
-+bool sid_check_is_in_asserted_identity(const struct dom_sid *sid)
-+{
-+ struct dom_sid dom_sid;
-+
-+ sid_copy(&dom_sid, sid);
-+ sid_split_rid(&dom_sid, NULL);
-+
-+ return sid_check_is_asserted_identity(&dom_sid);
-+}
-+
-+const char *asserted_identity_domain_name(void)
-+{
-+ return "Asserted Identity";
-+}
-diff --git a/source3/wscript_build b/source3/wscript_build
-index 40935d1..ceccbb5 100755
---- a/source3/wscript_build
-+++ b/source3/wscript_build
-@@ -74,6 +74,7 @@ LIB_SRC = '''
- lib/bitmap.c lib/dprintf.c
- lib/wins_srv.c
- lib/clobber.c lib/util_sid.c
-+ lib/util_specialsids.c
- lib/util_file.c
- lib/util.c lib/util_cmdline.c lib/util_names.c
- lib/util_sock.c lib/sock_exec.c lib/util_sec.c
---
-2.5.0
-
-
-From bb5c28c8d45be8e26abe37e4873c4b1c59fff782 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
-Date: Fri, 15 Jan 2016 14:43:48 +0100
-Subject: [PATCH 3/3] s3-util: skip S-1-18 sids in token generaion in
- sid_array_from_info3().
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677
-
-Guenther
-
-Signed-off-by: Günther Deschner <gd@samba.org>
----
- source3/lib/util_sid.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
-index f051b7a..92fbc76 100644
---- a/source3/lib/util_sid.c
-+++ b/source3/lib/util_sid.c
-@@ -190,6 +190,11 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
- */
-
- for (i = 0; i < info3->sidcount; i++) {
-+
-+ if (sid_check_is_in_asserted_identity(info3->sids[i].sid)) {
-+ continue;
-+ }
-+
- status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
- &sid_array, &num_sids);
- if (!NT_STATUS_IS_OK(status)) {
---
-2.5.0
-
projects / ipfire-2.x.git / blobdiff