svn commit: samba r4946 - in branches/SAMBA_3_0/source: include rpc_parse

vlendec at samba.org vlendec at samba.org
Sun Jan 23 14:10:57 GMT 2005


Author: vlendec
Date: 2005-01-23 14:10:57 +0000 (Sun, 23 Jan 2005)
New Revision: 4946

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4946

Log:
Our notion the other_sids in the info3 SamLogon struct was
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.

Please review thoroughly, samba4 idl looks closer to reality here.

Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.

Thanks,

Volker

Modified:
   branches/SAMBA_3_0/source/include/rpc_netlogon.h
   branches/SAMBA_3_0/source/rpc_parse/parse_net.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h
===================================================================
--- branches/SAMBA_3_0/source/include/rpc_netlogon.h	2005-01-23 12:24:36 UTC (rev 4945)
+++ branches/SAMBA_3_0/source/include/rpc_netlogon.h	2005-01-23 14:10:57 UTC (rev 4946)
@@ -190,9 +190,8 @@
 
 	DOM_SID2 dom_sid;           /* domain SID */
 
-	uint32 num_other_groups;        /* other groups */
-	DOM_GID *other_gids; /* group info */
 	DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */
+	uint32 *other_sids_attrib;
 
 } NET_USER_INFO_3;
 

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_net.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_net.c	2005-01-23 12:24:36 UTC (rev 4945)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_net.c	2005-01-23 14:10:57 UTC (rev 4946)
@@ -1646,31 +1646,52 @@
 	if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth))           /* domain SID */
 		return False;
 
-	if (usr->num_other_sids) {
+	if (usr->buffer_other_sids) {
 
+		uint32 num_other_sids = usr->num_other_sids;
+
+		if (!prs_uint32("num_other_sids", ps, depth,
+				&num_other_sids))
+			return False;
+
+		if (num_other_sids != usr->num_other_sids)
+			return False;
+
 		if (UNMARSHALLING(ps)) {
 			usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids);
-			if (usr->other_sids == NULL)
+			usr->other_sids_attrib =
+				PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids);
+							       
+			if ((num_other_sids != 0) &&
+			    ((usr->other_sids == NULL) ||
+			     (usr->other_sids_attrib == NULL)))
 				return False;
 		}
-	
-		if(!prs_uint32("num_other_groups", ps, depth, &usr->num_other_groups))
-			return False;
 
-		if (UNMARSHALLING(ps) && usr->num_other_groups > 0) {
-			usr->other_gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_other_groups);
-			if (usr->other_gids == NULL)
+		/* First the pointers to the SIDS and attributes */
+
+		depth++;
+
+		for (i=0; i<usr->num_other_sids; i++) {
+			uint32 ptr = 1;
+
+			if (!prs_uint32("sid_ptr", ps, depth, &ptr))
 				return False;
+
+			if (UNMARSHALLING(ps) && (ptr == 0))
+				return False;
+
+			if (!prs_uint32("attribute", ps, depth,
+					&usr->other_sids_attrib[i]))
+				return False;
 		}
 	
-		for (i = 0; i < usr->num_other_groups; i++) {
-			if(!smb_io_gid("", &usr->other_gids[i], ps, depth)) /* other GIDs */
-				return False;
-		}
 		for (i = 0; i < usr->num_other_sids; i++) {
 			if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */
 				return False;
 		}
+
+		depth--;
 	}
 
 	return True;



More information about the samba-cvs mailing list