Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

well-known SID check is broken for NetBIOS prefixes #3758

Closed
sssd-bot opened this issue May 2, 2020 · 0 comments
Closed

well-known SID check is broken for NetBIOS prefixes #3758

sssd-bot opened this issue May 2, 2020 · 0 comments
Assignees
@sumit-bose
Labels
Bugzilla Closed: Fixed Issue was closed as fixed.

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2717

When AD user or group is specified using flatname (ADX\Domain Admins instead of Domain Admins@adx.test), and name to SID translation is requested, a check for well-known SID uses wrong expression to parse specified name, considers it wrong and bails out.

As result, it breaks FreeIPA resolving names to SIDs in 'ipa group-add-member --external' command.

Python 2.7.10 (default, Jul  5 2015, 14:15:43) 
[GCC 5.1.1 20150618 (Red Hat 5.1.1-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('ADX\\Domain Admins')
{}
>>> pysss_nss_idmap.getsidbyname("ADX\\Domain Admins")
{}
>>> pysss_nss_idmap.getsidbyname('ADX\Domain Admins')
{}
>>> pysss_nss_idmap.getsidbyname("ADX\Domain Admins")
{}
>>>

If I specify an explicit 're_expression' that includes flatname prefix, things work:

# grep re_expression /etc/sssd/sssd.conf
re_expression = (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))
# python
Python 2.7.10 (default, Jul  5 2015, 14:15:43) 
[GCC 5.1.1 20150618 (Red Hat 5.1.1-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pysss_nss_idmap
>>> pysss_nss_idmap.getsidbyname('ADX\Domain Admins')
{'ADX\\Domain Admins': {'type': 2, 'sid': u'S-1-5-21-3491614383-3036065072-3935721777-512'}}
>>>

Comments

Comment from sbose at 2015-07-14 14:43:12

Fields changed

owner: somebody => sbose
status: new => assigned

Comment from sbose at 2015-07-14 15:02:51

Fields changed

patch: 0 => 1

Comment from jhrozek at 2015-07-14 15:04:43

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1242942

rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1242942 1242942]

Comment from jhrozek at 2015-07-16 15:30:48

milestone: NEEDS_TRIAGE => SSSD 1.13.1

Comment from jhrozek at 2015-08-05 13:09:10

Fields changed

resolution: => fixed
status: assigned => closed

Comment from abbra at 2017-02-24 14:38:33

Metadata Update from @abbra:

  • Issue assigned to sbose
  • Issue set to the milestone: SSSD 1.13.1
@sssd-bot sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. labels May 2, 2020
@sssd-bot sssd-bot closed this as completed May 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sumit-bose sumit-bose

Labels
Bugzilla Closed: Fixed Issue was closed as fixed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sumit-bose @sssd-bot