summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2008-09-29 16:01:07 -0700
committerAndrew Tridgell <tridge@samba.org>2008-09-29 16:01:07 -0700
commit750a848d0dbae8ea66a9f265294d7f95556c0c27 (patch)
treee060685e6cce6b2d3d6f2c064e7df3604d228205
parenta270ddb6e3d5bd5b72558809877d27c3c344797d (diff)
downloadsamba-750a848d0dbae8ea66a9f265294d7f95556c0c27.tar.gz
samba-750a848d0dbae8ea66a9f265294d7f95556c0c27.tar.bz2
samba-750a848d0dbae8ea66a9f265294d7f95556c0c27.zip
added some more well known SIDs - thanks to the WSPP LSAT test suite
-rw-r--r--source4/librpc/idl/security.idl6
-rw-r--r--source4/rpc_server/lsa/lsa_lookup.c43
-rw-r--r--source4/setup/provision_users.ldif60
3 files changed, 108 insertions, 1 deletions
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 80efe46453..ac7641c0af 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -153,6 +153,7 @@ interface security
const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
const string SID_CREATOR_OWNER = "S-1-3-0";
const string SID_CREATOR_GROUP = "S-1-3-1";
+ const string SID_OWNER_RIGHTS = "S-1-3-4";
/* SECURITY_NT_AUTHORITY */
const string NAME_NT_AUTHORITY = "NT AUTHORITY";
@@ -172,9 +173,14 @@ interface security
const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14";
const string SID_NT_THIS_ORGANISATION = "S-1-5-15";
+ const string SID_NT_IUSR = "S-1-5-17";
const string SID_NT_SYSTEM = "S-1-5-18";
const string SID_NT_LOCAL_SERVICE = "S-1-5-19";
const string SID_NT_NETWORK_SERVICE = "S-1-5-20";
+ const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21";
+ const string SID_NT_NTLM_AUTHENTICATION = "S-1-5-64-10";
+ const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14";
+ const string SID_NT_OTHER_ORGANISATION = "S-1-5-1000";
/* SECURITY_BUILTIN_DOMAIN_RID */
const string NAME_BUILTIN = "BUILTIN";
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 30bceb8139..acd3164b69 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -44,6 +44,11 @@ static const struct {
.rtype = SID_NAME_WKN_GRP,
},
{
+ .name = "Owner Rights",
+ .sid = SID_OWNER_RIGHTS,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
.domain = "NT AUTHORITY",
.name = "Dialup",
.sid = SID_NT_DIALUP,
@@ -111,7 +116,7 @@ static const struct {
},
{
.domain = "NT AUTHORITY",
- .name = "Termainal Server User",
+ .name = "Terminal Server User",
.sid = SID_NT_TERMINAL_SERVER_USERS,
.rtype = SID_NAME_WKN_GRP,
},
@@ -146,6 +151,42 @@ static const struct {
.rtype = SID_NAME_WKN_GRP,
},
{
+ .domain = "NT AUTHORITY",
+ .name = "Digest Authentication",
+ .sid = SID_NT_DIGEST_AUTHENTICATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "Enterprise Domain Controllers",
+ .sid = SID_NT_ENTERPRISE_DCS,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "NTLM Authentication",
+ .sid = SID_NT_NTLM_AUTHENTICATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "Other Organization",
+ .sid = SID_NT_OTHER_ORGANISATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "SChannel Authentication",
+ .sid = SID_NT_SCHANNEL_AUTHENTICATION,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
+ .domain = "NT AUTHORITY",
+ .name = "IUSR",
+ .sid = SID_NT_IUSR,
+ .rtype = SID_NAME_WKN_GRP,
+ },
+ {
.sid = NULL,
}
};
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 854c42d07c..c61cb805c4 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -137,6 +137,66 @@ sAMAccountName: RAS and IAS Servers
groupType: -2147483644
isCriticalSystemObject: TRUE
+dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Read-Only Domain Controllers
+description: read-only domain controllers
+objectSid: ${DOMAINSID}-521
+sAMAccountName: Read-Only Domain Controllers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Read-Only Domain Controllers
+description: enterprise read-only domain controllers
+objectSid: ${DOMAINSID}-498
+sAMAccountName: Enterprise Read-Only Domain Controllers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Certificate Service DCOM Access
+description: Certificate Service DCOM Access
+objectSid: ${DOMAINSID}-574
+sAMAccountName: Certificate Service DCOM Access
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Cryptographic Operators
+description: Cryptographic Operators
+objectSid: ${DOMAINSID}-569
+sAMAccountName: Cryptographic Operators
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Event Log Readers
+description: Event Log Readers
+objectSid: ${DOMAINSID}-573
+sAMAccountName: Event Log Readers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: IIS_IUSRS
+description: IIS_IUSRS
+objectSid: ${DOMAINSID}-568
+sAMAccountName: IIS_IUSRS
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
dn: CN=Administrators,CN=Builtin,${DOMAINDN}
objectClass: top
objectClass: group