added some more well known SIDs - thanks to the WSPP LSAT test suite

3 files changed, 108 insertions, 1 deletions

diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 80efe46453..ac7641c0af 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -153,6 +153,7 @@ interface security
 	const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
 	const string SID_CREATOR_OWNER        = "S-1-3-0";
 	const string SID_CREATOR_GROUP        = "S-1-3-1";
+	const string SID_OWNER_RIGHTS         = "S-1-3-4";
 
 	/* SECURITY_NT_AUTHORITY */
 	const string NAME_NT_AUTHORITY            = "NT AUTHORITY";
@@ -172,9 +173,14 @@ interface security
 	const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
 	const string SID_NT_REMOTE_INTERACTIVE    = "S-1-5-14";
 	const string SID_NT_THIS_ORGANISATION     = "S-1-5-15";
+	const string SID_NT_IUSR                  = "S-1-5-17";
 	const string SID_NT_SYSTEM                = "S-1-5-18";
 	const string SID_NT_LOCAL_SERVICE         = "S-1-5-19";
 	const string SID_NT_NETWORK_SERVICE       = "S-1-5-20";
+	const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21";
+	const string SID_NT_NTLM_AUTHENTICATION   = "S-1-5-64-10";
+	const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14";
+	const string SID_NT_OTHER_ORGANISATION    = "S-1-5-1000";
 
 	/* SECURITY_BUILTIN_DOMAIN_RID */
 	const string NAME_BUILTIN                  = "BUILTIN";
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 30bceb8139..acd3164b69 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -44,6 +44,11 @@ static const struct {
 		.rtype = SID_NAME_WKN_GRP,
 	},
 	{
+		.name = "Owner Rights",
+		.sid = SID_OWNER_RIGHTS,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
 		.domain = "NT AUTHORITY",
 		.name = "Dialup",
 		.sid = SID_NT_DIALUP,
@@ -111,7 +116,7 @@ static const struct {
 	},
 	{
 		.domain = "NT AUTHORITY",
-		.name = "Termainal Server User",
+		.name = "Terminal Server User",
 		.sid = SID_NT_TERMINAL_SERVER_USERS,
 		.rtype = SID_NAME_WKN_GRP,
 	},
@@ -146,6 +151,42 @@ static const struct {
 		.rtype = SID_NAME_WKN_GRP,
 	},
 	{
+		.domain = "NT AUTHORITY",
+		.name = "Digest Authentication",
+		.sid = SID_NT_DIGEST_AUTHENTICATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "Enterprise Domain Controllers",
+		.sid = SID_NT_ENTERPRISE_DCS,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "NTLM Authentication",
+		.sid = SID_NT_NTLM_AUTHENTICATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "Other Organization",
+		.sid = SID_NT_OTHER_ORGANISATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "SChannel Authentication",
+		.sid = SID_NT_SCHANNEL_AUTHENTICATION,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
+		.domain = "NT AUTHORITY",
+		.name = "IUSR",
+		.sid = SID_NT_IUSR,
+		.rtype = SID_NAME_WKN_GRP,
+	},
+	{
 		.sid = NULL,
 	}
 };
diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif
index 854c42d07c..c61cb805c4 100644
--- a/source4/setup/provision_users.ldif
+++ b/source4/setup/provision_users.ldif
@@ -137,6 +137,66 @@ sAMAccountName: RAS and IAS Servers
 groupType: -2147483644
 isCriticalSystemObject: TRUE
 
+dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Read-Only Domain Controllers
+description: read-only domain controllers
+objectSid: ${DOMAINSID}-521
+sAMAccountName: Read-Only Domain Controllers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Enterprise Read-Only Domain Controllers
+description: enterprise read-only domain controllers
+objectSid: ${DOMAINSID}-498
+sAMAccountName: Enterprise Read-Only Domain Controllers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Certificate Service DCOM Access
+description: Certificate Service DCOM Access
+objectSid: ${DOMAINSID}-574
+sAMAccountName: Certificate Service DCOM Access
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Cryptographic Operators
+description: Cryptographic Operators
+objectSid: ${DOMAINSID}-569
+sAMAccountName: Cryptographic Operators
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=Event Log Readers,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: Event Log Readers
+description: Event Log Readers
+objectSid: ${DOMAINSID}-573
+sAMAccountName: Event Log Readers
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
+dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN}
+objectClass: top
+objectClass: group
+cn: IIS_IUSRS
+description: IIS_IUSRS
+objectSid: ${DOMAINSID}-568
+sAMAccountName: IIS_IUSRS
+groupType: -2147483644
+isCriticalSystemObject: TRUE
+
 dn: CN=Administrators,CN=Builtin,${DOMAINDN}
 objectClass: top
 objectClass: group