diff options
-rw-r--r-- | source4/rpc_server/lsa/lsa_lookup.c | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index fc45c8bc0f..27371ea8d1 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -239,8 +239,9 @@ static NTSTATUS lookup_well_known_sids(TALLOC_CTX *mem_ctx, static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, struct loadparm_context *lp_ctx, struct lsa_policy_state *state, TALLOC_CTX *mem_ctx, - const char *name, const char **authority_name, - struct dom_sid **sid, enum lsa_SidType *rtype) + const char *name, const char **authority_name, + struct dom_sid **sid, enum lsa_SidType *rtype, + uint32_t *rid) { int ret, atype, i; struct ldb_message **res; @@ -274,6 +275,15 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, /* Look up table of well known names */ status = lookup_well_known_names(mem_ctx, NULL, username, authority_name, sid, rtype); if (NT_STATUS_IS_OK(status)) { + dom_sid_split_rid(NULL, *sid, NULL, rid); + return NT_STATUS_OK; + } + + if (username == NULL) { + *authority_name = NAME_BUILTIN; + *sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN); + *rtype = SID_NAME_DOMAIN; + *rid = 0xFFFFFFFF; return NT_STATUS_OK; } @@ -281,24 +291,28 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, *authority_name = NAME_NT_AUTHORITY; *sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY); *rtype = SID_NAME_DOMAIN; + dom_sid_split_rid(NULL, *sid, NULL, rid); return NT_STATUS_OK; } if (strcasecmp_m(username, NAME_BUILTIN) == 0) { *authority_name = NAME_BUILTIN; *sid = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN); *rtype = SID_NAME_DOMAIN; + *rid = 0xFFFFFFFF; return NT_STATUS_OK; } if (strcasecmp_m(username, state->domain_dns) == 0) { *authority_name = state->domain_name; *sid = state->domain_sid; *rtype = SID_NAME_DOMAIN; + *rid = 0xFFFFFFFF; return NT_STATUS_OK; } if (strcasecmp_m(username, state->domain_name) == 0) { *authority_name = state->domain_name; *sid = state->domain_sid; *rtype = SID_NAME_DOMAIN; + *rid = 0xFFFFFFFF; return NT_STATUS_OK; } @@ -307,7 +321,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, if (!name) { return NT_STATUS_NO_MEMORY; } - status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype); + status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid); if (NT_STATUS_IS_OK(status)) { return status; } @@ -317,7 +331,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, if (!name) { return NT_STATUS_NO_MEMORY; } - status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype); + status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid); if (NT_STATUS_IS_OK(status)) { return status; } @@ -327,7 +341,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, if (!name) { return NT_STATUS_NO_MEMORY; } - status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype); + status = dcesrv_lsa_lookup_name(ev_ctx, lp_ctx, state, mem_ctx, name, authority_name, sid, rtype, rid); if (NT_STATUS_IS_OK(status)) { return status; } @@ -338,12 +352,17 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, *authority_name = NAME_NT_AUTHORITY; *sid = dom_sid_parse_talloc(mem_ctx, SID_NT_AUTHORITY); *rtype = SID_NAME_DOMAIN; + dom_sid_split_rid(NULL, *sid, NULL, rid); return NT_STATUS_OK; } /* Look up table of well known names */ - return lookup_well_known_names(mem_ctx, domain, username, authority_name, - sid, rtype); + status = lookup_well_known_names(mem_ctx, domain, username, authority_name, + sid, rtype); + if (NT_STATUS_IS_OK(status)) { + dom_sid_split_rid(NULL, *sid, NULL, rid); + } + return status; } else if (strcasecmp_m(domain, NAME_BUILTIN) == 0) { *authority_name = NAME_BUILTIN; domain_dn = state->builtin_dn; @@ -371,6 +390,7 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx, if (!*username) { *sid = domain_sid; *rtype = SID_NAME_DOMAIN; + *rid = 0xFFFFFFFF; return NT_STATUS_OK; } @@ -774,7 +794,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, const char *name = r->in.names[i].string; const char *authority_name; struct dom_sid *sid; - uint32_t sid_index; + uint32_t sid_index, rid; enum lsa_SidType rtype; NTSTATUS status2; @@ -785,7 +805,8 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, r->out.sids->sids[i].sid_index = 0xFFFFFFFF; r->out.sids->sids[i].flags = 0; - status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype); + status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, + &authority_name, &sid, &rtype, &rid); if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) { continue; } @@ -915,7 +936,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, const char *name = r->in.names[i].string; const char *authority_name; struct dom_sid *sid; - uint32_t rtype, sid_index; + uint32_t rtype, sid_index, rid=0; NTSTATUS status2; r->out.sids->count++; @@ -929,7 +950,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, r->out.sids->sids[i].unknown = 0; status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, state, mem_ctx, name, - &authority_name, &sid, &rtype); + &authority_name, &sid, &rtype, &rid); if (!NT_STATUS_IS_OK(status2)) { continue; } @@ -941,7 +962,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, } r->out.sids->sids[i].sid_type = rtype; - r->out.sids->sids[i].rid = sid->sub_auths[sid->num_auths-1]; + r->out.sids->sids[i].rid = rid; r->out.sids->sids[i].sid_index = sid_index; r->out.sids->sids[i].unknown = 0; |