sddl: Fix incorrect SDDL SID strings
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Mon, 14 Mar 2022 05:14:15 +0000 (18:14 +1300)
committerJoseph Sutton <jsutton@samba.org>
Thu, 17 Mar 2022 23:11:37 +0000 (23:11 +0000)
Change the values to match those used by Windows.

Verified with PowerShell commands of the form:
New-Object Security.Principal.SecurityIdentifier ER

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
libcli/security/sddl.c
librpc/idl/security.idl
selftest/knownfail.d/sid-strings

index 26049ec458a0ca3e809b714b5f2f293822e2be10..046a9284f5ea48462989b9c5e43640d0b3cebfa5 100644 (file)
@@ -104,7 +104,6 @@ static const struct {
        { .code = "SY", .sid = SID_NT_SYSTEM },
        { .code = "LS", .sid = SID_NT_LOCAL_SERVICE },
        { .code = "NS", .sid = SID_NT_NETWORK_SERVICE },
-       { .code = "IS", .sid = SID_NT_IUSR },
 
        { .code = "BA", .sid = SID_BUILTIN_ADMINISTRATORS },
        { .code = "BU", .sid = SID_BUILTIN_USERS },
@@ -121,11 +120,15 @@ static const struct {
        { .code = "NO", .sid = SID_BUILTIN_NETWORK_CONF_OPERATORS },
        { .code = "IF", .sid = SID_BUILTIN_INCOMING_FOREST_TRUST },
 
+       { .code = "IS", .sid = SID_BUILTIN_IUSERS },
+       { .code = "ER", .sid = SID_BUILTIN_EVENT_LOG_READERS },
+
+       { .code = "RO", .sid = NULL, .rid = DOMAIN_RID_ENTERPRISE_READONLY_DCS },
+
        { .code = "LA", .sid = NULL, .rid = DOMAIN_RID_ADMINISTRATOR },
        { .code = "LG", .sid = NULL, .rid = DOMAIN_RID_GUEST },
        { .code = "LK", .sid = NULL, .rid = DOMAIN_RID_KRBTGT },
 
-       { .code = "ER", .sid = NULL, .rid = DOMAIN_RID_ENTERPRISE_READONLY_DCS },
        { .code = "DA", .sid = NULL, .rid = DOMAIN_RID_ADMINS },
        { .code = "DU", .sid = NULL, .rid = DOMAIN_RID_USERS },
        { .code = "DG", .sid = NULL, .rid = DOMAIN_RID_GUESTS },
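Review bot: The re-pointed aliases `ER`, `RO` and `IS` change which principal an already-written SDDL string resolves to, and nothing in the table records that. Before this commit `ER` mapped to DOMAIN_RID_ENTERPRISE_READONLY_DCS and `RO` to DOMAIN_RID_READONLY_DCS (removed in the next hunk). Any SDDL text written against the old meanings would therefore now assign its ACEs to Event Log Readers, or to the enterprise rather than the domain RODC group; such text presumably exists in provisioning templates, tests or stored configuration, none of which is visible here. It is worth auditing SDDL literals that use these three codes and adding a comment above the new entries such as `/* Codes follow the Windows SDDL SID strings; ER, RO and IS changed meaning in this commit */`. The table definition begins and ends outside this hunk, and in the visible lines DOMAIN_RID_READONLY_DCS is left without an alias.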
@@ -135,7 +138,6 @@ static const struct {
        { .code = "SA", .sid = NULL, .rid = DOMAIN_RID_SCHEMA_ADMINS },
        { .code = "EA", .sid = NULL, .rid = DOMAIN_RID_ENTERPRISE_ADMINS },
        { .code = "PA", .sid = NULL, .rid = DOMAIN_RID_POLICY_ADMINS },
-       { .code = "RO", .sid = NULL, .rid = DOMAIN_RID_READONLY_DCS },
        { .code = "RS", .sid = NULL, .rid = DOMAIN_RID_RAS_SERVERS }
 };
 
index 9845becd826501304dba80d00edd9bbed8af95c2..0736cf187259d9131d0401ed981d9c33d6a9b200 100644 (file)
@@ -274,6 +274,7 @@ interface security
        const string SID_BUILTIN_AUTH_ACCESS            = "S-1-5-32-560";
        const string SID_BUILTIN_TS_LICENSE_SERVERS     = "S-1-5-32-561";
        const string SID_BUILTIN_DISTRIBUTED_COM_USERS  = "S-1-5-32-562";
+       const string SID_BUILTIN_IUSERS         = "S-1-5-32-568";
        const string SID_BUILTIN_CRYPTO_OPERATORS       = "S-1-5-32-569";
        const string SID_BUILTIN_EVENT_LOG_READERS      = "S-1-5-32-573";
        const string SID_BUILTIN_CERT_SERV_DCOM_ACCESS  = "S-1-5-32-574";
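Review bot: `SID_BUILTIN_IUSERS` is easy to confuse with the existing `SID_NT_IUSR`, which the sddl.c table used for `IS` until this commit, and the new constant has no comment saying which group it names. S-1-5-32-568 is the BUILTIN\IIS_IUSRS alias on Windows, so a short comment on the line, e.g. `/* BUILTIN\IIS_IUSRS, distinct from SID_NT_IUSR */`, would keep the two apart. The same applies to `BUILTIN_RID_IUSERS` in the next hunk. The added line's spacing before `=` also appears to differ from its neighbours, though that may be a rendering artefact of this page.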
@@ -344,6 +345,7 @@ interface security
        const int BUILTIN_RID_AUTH_ACCESS               = 560;
        const int BUILTIN_RID_TS_LICENSE_SERVERS        = 561;
        const int BUILTIN_RID_DISTRIBUTED_COM_USERS     = 562;
+       const int BUILTIN_RID_IUSERS                    = 568;
        const int BUILTIN_RID_CRYPTO_OPERATORS          = 569;
        const int BUILTIN_RID_EVENT_LOG_READERS         = 573;
        const int BUILTIN_RID_CERT_SERV_DCOM_ACCESS     = 574;
index ac7683b8a5521c8e2e19954a8ff42b2e13cadb7f..87fa4eb15f76a4456b5d5b773a35e4f49d449f74 100644 (file)
@@ -8,12 +8,10 @@
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_CN.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_CY.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_EK.ad_dc
-^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_ER.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_ES.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_HA.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_HI.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_IF.ad_dc
-^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_IS.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_KA.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_LK.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_LU.ad_dc
@@ -25,7 +23,6 @@
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_OW.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_RA.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_RM.ad_dc
-^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_RO.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_SI.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_SS.ad_dc
 ^samba.tests.sid_strings.samba.tests.sid_strings.SidStringTests.test_sid_string_WR.ad_dc