[sssd PR#972][comment] Fix build failure against samba 4.12.0rc1
by pbrezina
URL: https://github.com/SSSD/sssd/pull/972
pbrezina commented:
"""
So it builds fine, however it does not seem to work correctly.
Sometimes the GPO is found but is not stored correctly due to this error:
```
(Tue Feb 4 14:35:07 2020) [sssd[be[ad.vm]]] [gpo_cse_done] (0x0020): ad_gpo_parse_gpo_child_response failed: [22][Invalid argument]
(Tue Feb 4 14:35:07 2020) [sssd[be[ad.vm]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {94071367-F656-4BDF-BF1B-6B527CA5E1C0}
(Tue Feb 4 14:35:07 2020) [sssd[be[ad.vm]]] [ad_gpo_cse_done] (0x0040): Unable to retrieve policy data: [22](Invalid argument}
(Tue Feb 4 14:35:07 2020) [sssd[be[ad.vm]]] [ad_gpo_access_done] (0x0040): GPO-based access control failed.
```
When we store the GPO correctly, the access is not denied. It seems that the user name is malformed:
```
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [sysdb_gpo_store_gpo] (0x0400): Adding new GPO [gpo_guid:{94071367-F656-4BDF-BF1B-6B527CA5E1C0}][gpo_version:3]
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_cse_done] (0x0400): gpo_guid: {94071367-F656-4BDF-BF1B-6B527CA5E1C0}
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [sysdb_gpo_store_gpo_result_setting] (0x0400): Storing setting: key [SeDenyInteractiveLogonRight] value [user-1]
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeInteractiveLogonRight] value [(null)]
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [parse_policy_setting_value] (0x0400): No value for key [SeInteractiveLogonRight] found in gpo result
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [sysdb_gpo_get_gpo_result_setting] (0x0400): key [SeDenyInteractiveLogonRight] value [user-1]
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): RESULTANT POLICY:
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): gpo_map_type: Interactive
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): allowed_size = 0
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): denied_size = 1
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): denied_sids[0] = ser-1
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): CURRENT USER:
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): user_sid = S-1-5-21-433998187-2822908608-1404606238-1107
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): group_sids[0] = S-1-5-21-433998187-2822908608-1404606238-513
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): group_sids[1] = S-1-5-11
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): POLICY DECISION:
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): access_granted = 1
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): access_denied = 0
(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_done] (0x0400): GPO-based access control successful.
```
These things seem to happen after affected ndr functions are called.
"""
See the full comment at https://github.com/SSSD/sssd/pull/972#issuecomment-581942093
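
A log check for the two symptoms reported in the comment above, as an added example (not part of the original comment and not SSSD code): it flags `ad_gpo_access_check` allow/deny entries that are not SID strings, and any grant decided while such an entry sat in the deny list. The sample lines are copied from the logs above; the function and finding names are hypothetical, and the check assumes deny-list entries are matched against the user's SID strings, so a non-SID entry can never match.

```python
import re

# Lines copied from the sssd domain log quoted in the comment above.
PREFIX = "(Tue Feb 4 14:40:44 2020) [sssd[be[ad.vm]]] [ad_gpo_access_check] (0x0400): "
SAMPLE_LOG = "\n".join([
    "(Tue Feb 4 14:35:07 2020) [sssd[be[ad.vm]]] [ad_gpo_cse_done] (0x0040): "
    "Unable to retrieve policy data: [22](Invalid argument}",
    PREFIX + "RESULTANT POLICY:",
    PREFIX + "denied_size = 1",
    PREFIX + "denied_sids[0] = ser-1",
    PREFIX + "user_sid = S-1-5-21-433998187-2822908608-1404606238-1107",
    PREFIX + "group_sids[1] = S-1-5-11",
    PREFIX + "access_granted = 1",
])

# (timestamp) [sssd[be[domain]]] [function] (0xLEVEL): message
LINE = re.compile(r"^\([^)]*\) \[sssd\[.*?\]\]\] \[(\w+)\] \(0x[0-9a-fA-F]+\): (.*)$")
ENTRY = re.compile(r"^(allowed|denied)_sids\[\d+\] = (.*)$")
SID = re.compile(r"^S-1-\d+(-\d+)+$")  # string form of a SID, e.g. S-1-5-11


def audit(log_text):
    """Return (kind, detail) findings for GPO access-control anomalies."""
    findings, bad_deny = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        func, msg = m.groups()
        if func == "ad_gpo_cse_done" and msg.startswith("Unable to retrieve policy data"):
            findings.append(("policy_not_retrieved", msg))
        elif func == "ad_gpo_access_check":
            entry = ENTRY.match(msg)
            if msg == "RESULTANT POLICY:":
                bad_deny = []  # a new access check starts here
            elif entry and not SID.match(entry.group(2)):
                findings.append(("malformed_entry", msg))
                if entry.group(1) == "denied":
                    bad_deny.append(entry.group(2))
            elif msg == "access_granted = 1" and bad_deny:
                # Assumption: a deny entry that is not a SID matches no user.
                findings.append(("granted_with_unusable_deny", ", ".join(bad_deny)))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```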