svn commit: samba r23928 - in branches: SAMBA_3_2/source/auth SAMBA_3_2/source/lib SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/auth SAMBA_3_2_0/source/lib SAMBA_3_2_0/source/nsswitch

gd at samba.org gd at samba.org
Tue Jul 17 11:47:20 GMT 2007


Author: gd
Date: 2007-07-17 11:47:17 +0000 (Tue, 17 Jul 2007)
New Revision: 23928

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=23928

Log:
Merge all "copy-info3-groups-to-sid-array" blocks to a sid_array_from_info3()
function.

Guenther

Modified:
   branches/SAMBA_3_2/source/auth/auth_util.c
   branches/SAMBA_3_2/source/lib/util_sid.c
   branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c
   branches/SAMBA_3_2_0/source/auth/auth_util.c
   branches/SAMBA_3_2_0/source/lib/util_sid.c
   branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_2/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_2/source/auth/auth_util.c	2007-07-17 11:22:43 UTC (rev 23927)
+++ branches/SAMBA_3_2/source/auth/auth_util.c	2007-07-17 11:47:17 UTC (rev 23928)
@@ -1405,8 +1405,6 @@
 	uid_t uid;
 	gid_t gid;
 
-	size_t i;
-
 	auth_serversupplied_info *result;
 
 	/* 
@@ -1584,37 +1582,13 @@
 	result->num_sids = 0;
 	result->sids = NULL;
 
-	/* and create (by appending rids) the 'domain' sids */
-	
-	for (i = 0; i < info3->num_groups2; i++) {
-		DOM_SID sid;
-		if (!sid_compose(&sid, &info3->dom_sid.sid,
-				 info3->gids[i].g_rid)) {
-			DEBUG(3,("could not append additional group rid "
-				 "0x%x\n", info3->gids[i].g_rid));
-			TALLOC_FREE(result);
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-		if (!add_sid_to_array(result, &sid, &result->sids,
-				 &result->num_sids)) {
-			TALLOC_FREE(result);
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-
-	/* Copy 'other' sids.  We need to do sid filtering here to
- 	   prevent possible elevation of privileges.  See:
-
-           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
-         */
-
-	for (i = 0; i < info3->num_other_sids; i++) {
-		if (!add_sid_to_array(result, &info3->other_sids[i].sid,
+	nt_status = sid_array_from_info3(result, info3,
 					 &result->sids,
-					 &result->num_sids)) {
-			TALLOC_FREE(result);
-			return NT_STATUS_NO_MEMORY;
-		}
+					 &result->num_sids,
+					 False);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(result);
+		return nt_status;
 	}
 
 	result->login_server = unistr2_tdup(result, 
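Review bot: The bare `False` passed as the last argument of the new `sid_array_from_info3()` call does not tell a reader that the user and primary-group RIDs are left out of `result->sids`. That matches the removed loops, which only added `gids[]` and `other_sids[]`, but the intent is no longer visible at the call site. A one-line comment above the call would keep it on record, for example `/* group and 'other' sids only; user_rid/group_rid are not added to result->sids here */`. The enclosing function starts and ends outside this hunk, and the same applies to the SAMBA_3_2_0 copy of the hunk.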

Modified: branches/SAMBA_3_2/source/lib/util_sid.c
===================================================================
--- branches/SAMBA_3_2/source/lib/util_sid.c	2007-07-17 11:22:43 UTC (rev 23927)
+++ branches/SAMBA_3_2/source/lib/util_sid.c	2007-07-17 11:47:17 UTC (rev 23928)
@@ -669,3 +669,68 @@
 	static const DOM_SID null_sid = {0};
 	return sid_equal(sid, &null_sid);
 }
+
+NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
+			      const NET_USER_INFO_3 *info3,
+			      DOM_SID **user_sids,
+			      size_t *num_user_sids,
+			      BOOL include_user_group_rid)
+{
+	DOM_SID sid;
+	DOM_SID *sid_array = NULL;
+	size_t num_sids = 0;
+	int i;
+
+	if (include_user_group_rid) {
+
+		if (!sid_compose(&sid, &(info3->dom_sid.sid),
+				 info3->user_rid)
+		    || !add_sid_to_array(mem_ctx, &sid,
+					 &sid_array, &num_sids)) {
+			DEBUG(3,("could not add user SID from rid 0x%x\n",
+				 info3->user_rid));			
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (!sid_compose(&sid, &(info3->dom_sid.sid),
+				 info3->group_rid)
+		    || !add_sid_to_array(mem_ctx, &sid, 
+					 &sid_array, &num_sids)) {
+			DEBUG(3,("could not append additional group rid 0x%x\n",
+				 info3->group_rid));			
+			
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	for (i = 0; i < info3->num_groups2; i++) {
+		if (!sid_compose(&sid, &(info3->dom_sid.sid),
+				 info3->gids[i].g_rid)
+		    || !add_sid_to_array(mem_ctx, &sid,
+					 &sid_array, &num_sids)) {
+			DEBUG(3,("could not append additional group rid 0x%x\n",
+				 info3->gids[i].g_rid));	
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	/* Copy 'other' sids.  We need to do sid filtering here to
+ 	   prevent possible elevation of privileges.  See:
+
+           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
+         */
+
+	for (i = 0; i < info3->num_other_sids; i++) {
+		if (!add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
+				      &sid_array, &num_sids)) {
+			DEBUG(3, ("could not add SID to array: %s\n",
+				  sid_string_static(&info3->other_sids[i].sid)));
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	*user_sids = sid_array;
+	*num_user_sids = num_sids;
+
+	return NT_STATUS_OK;
+}
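Review bot: The final loop of sid_array_from_info3() appends every `info3->other_sids[i].sid` unchecked, although the comment directly above it says sid filtering is needed here to prevent elevation of privileges; no filtering is visible in this function. Since both callers now obtain their SID list through this helper, the comment should at least say what actually happens, e.g. `/* NOTE: 'other' sids are copied as received; sid filtering is not done here yet */`, so nobody assumes the array is filtered. Separately, the three `!sid_compose(...) || !add_sid_to_array(...)` conditions return NT_STATUS_INVALID_PARAMETER even when only the allocation failed, where the removed auth_util.c code returned NT_STATUS_NO_MEMORY; splitting each condition into two checks would keep that distinction. `int i` is also compared against `num_groups2` and `num_other_sids`, whose types are not shown here; if they are unsigned, `size_t i` as in the removed auth_util.c code avoids the mixed-sign comparison. The same points apply to the identical SAMBA_3_2_0/source/lib/util_sid.c hunk.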

Modified: branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c	2007-07-17 11:22:43 UTC (rev 23927)
+++ branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c	2007-07-17 11:47:17 UTC (rev 23928)
@@ -165,51 +165,14 @@
 		}
 	}
 
-	if (!sid_compose(&sid, &(info3->dom_sid.sid),
-			 info3->user_rid)
-	    || !add_sid_to_array(mem_ctx, &sid,
-				 &token->user_sids, &token->num_sids)) {
-		DEBUG(3,("could not add user SID from rid 0x%x\n",
-			 info3->user_rid));			
-		return NT_STATUS_INVALID_PARAMETER;
+	status = sid_array_from_info3(mem_ctx, info3, 
+				      &token->user_sids, 
+				      &token->num_sids,
+				      True);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	if (!sid_compose(&sid, &(info3->dom_sid.sid),
-			 info3->group_rid)
-	    || !add_sid_to_array(mem_ctx, &sid, 
-				 &token->user_sids, &token->num_sids)) {
-		DEBUG(3,("could not append additional group rid 0x%x\n",
-			 info3->group_rid));			
-		
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	for (i = 0; i < info3->num_groups2; i++) {
-		if (!sid_compose(&sid, &(info3->dom_sid.sid),
-				 info3->gids[i].g_rid)
-		    || !add_sid_to_array(mem_ctx, &sid,
-					 &token->user_sids, &token->num_sids)) {
-			DEBUG(3,("could not append additional group rid 0x%x\n",
-				 info3->gids[i].g_rid));	
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-	}
-
-	/* Copy 'other' sids.  We need to do sid filtering here to
- 	   prevent possible elevation of privileges.  See:
-
-           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
-         */
-
-	for (i = 0; i < info3->num_other_sids; i++) {
-		if (!add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
-				      &token->user_sids, &token->num_sids)) {
-			DEBUG(3, ("could not add SID to array: %s\n",
-				  sid_string_static(&info3->other_sids[i].sid)));
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-
 	if (!NT_STATUS_IS_OK(status = add_aliases(get_global_sam_sid(),
 						  token))
 	    || !NT_STATUS_IS_OK(status = add_aliases(&global_sid_Builtin,
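Review bot: The removed code appended to `token->user_sids`/`token->num_sids`, while sid_array_from_info3() builds a fresh array and assigns it with `*user_sids = sid_array`, so anything already stored in the token before this call would be dropped. The code above this hunk is not visible, so this may be harmless, but a comment at the call such as `/* replaces token->user_sids; no SIDs may have been added before this point */` would record the assumption. The locals `sid` and `i` used by the removed loops are declared outside the hunk and may now be unused, the way `size_t i` was dropped in auth_util.c. The same applies to the SAMBA_3_2_0 copy of this hunk.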

Modified: branches/SAMBA_3_2_0/source/auth/auth_util.c
===================================================================
--- branches/SAMBA_3_2_0/source/auth/auth_util.c	2007-07-17 11:22:43 UTC (rev 23927)
+++ branches/SAMBA_3_2_0/source/auth/auth_util.c	2007-07-17 11:47:17 UTC (rev 23928)
@@ -1405,8 +1405,6 @@
 	uid_t uid;
 	gid_t gid;
 
-	size_t i;
-
 	auth_serversupplied_info *result;
 
 	/* 
@@ -1584,37 +1582,13 @@
 	result->num_sids = 0;
 	result->sids = NULL;
 
-	/* and create (by appending rids) the 'domain' sids */
-	
-	for (i = 0; i < info3->num_groups2; i++) {
-		DOM_SID sid;
-		if (!sid_compose(&sid, &info3->dom_sid.sid,
-				 info3->gids[i].g_rid)) {
-			DEBUG(3,("could not append additional group rid "
-				 "0x%x\n", info3->gids[i].g_rid));
-			TALLOC_FREE(result);
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-		if (!add_sid_to_array(result, &sid, &result->sids,
-				 &result->num_sids)) {
-			TALLOC_FREE(result);
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-
-	/* Copy 'other' sids.  We need to do sid filtering here to
- 	   prevent possible elevation of privileges.  See:
-
-           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
-         */
-
-	for (i = 0; i < info3->num_other_sids; i++) {
-		if (!add_sid_to_array(result, &info3->other_sids[i].sid,
+	nt_status = sid_array_from_info3(result, info3,
 					 &result->sids,
-					 &result->num_sids)) {
-			TALLOC_FREE(result);
-			return NT_STATUS_NO_MEMORY;
-		}
+					 &result->num_sids,
+					 False);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE(result);
+		return nt_status;
 	}
 
 	result->login_server = unistr2_tdup(result, 

Modified: branches/SAMBA_3_2_0/source/lib/util_sid.c
===================================================================
--- branches/SAMBA_3_2_0/source/lib/util_sid.c	2007-07-17 11:22:43 UTC (rev 23927)
+++ branches/SAMBA_3_2_0/source/lib/util_sid.c	2007-07-17 11:47:17 UTC (rev 23928)
@@ -669,3 +669,68 @@
 	static const DOM_SID null_sid = {0};
 	return sid_equal(sid, &null_sid);
 }
+
+NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
+			      const NET_USER_INFO_3 *info3,
+			      DOM_SID **user_sids,
+			      size_t *num_user_sids,
+			      BOOL include_user_group_rid)
+{
+	DOM_SID sid;
+	DOM_SID *sid_array = NULL;
+	size_t num_sids = 0;
+	int i;
+
+	if (include_user_group_rid) {
+
+		if (!sid_compose(&sid, &(info3->dom_sid.sid),
+				 info3->user_rid)
+		    || !add_sid_to_array(mem_ctx, &sid,
+					 &sid_array, &num_sids)) {
+			DEBUG(3,("could not add user SID from rid 0x%x\n",
+				 info3->user_rid));			
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (!sid_compose(&sid, &(info3->dom_sid.sid),
+				 info3->group_rid)
+		    || !add_sid_to_array(mem_ctx, &sid, 
+					 &sid_array, &num_sids)) {
+			DEBUG(3,("could not append additional group rid 0x%x\n",
+				 info3->group_rid));			
+			
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	for (i = 0; i < info3->num_groups2; i++) {
+		if (!sid_compose(&sid, &(info3->dom_sid.sid),
+				 info3->gids[i].g_rid)
+		    || !add_sid_to_array(mem_ctx, &sid,
+					 &sid_array, &num_sids)) {
+			DEBUG(3,("could not append additional group rid 0x%x\n",
+				 info3->gids[i].g_rid));	
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+	}
+
+	/* Copy 'other' sids.  We need to do sid filtering here to
+ 	   prevent possible elevation of privileges.  See:
+
+           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
+         */
+
+	for (i = 0; i < info3->num_other_sids; i++) {
+		if (!add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
+				      &sid_array, &num_sids)) {
+			DEBUG(3, ("could not add SID to array: %s\n",
+				  sid_string_static(&info3->other_sids[i].sid)));
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	*user_sids = sid_array;
+	*num_user_sids = num_sids;
+
+	return NT_STATUS_OK;
+}

Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c	2007-07-17 11:22:43 UTC (rev 23927)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c	2007-07-17 11:47:17 UTC (rev 23928)
@@ -165,51 +165,14 @@
 		}
 	}
 
-	if (!sid_compose(&sid, &(info3->dom_sid.sid),
-			 info3->user_rid)
-	    || !add_sid_to_array(mem_ctx, &sid,
-				 &token->user_sids, &token->num_sids)) {
-		DEBUG(3,("could not add user SID from rid 0x%x\n",
-			 info3->user_rid));			
-		return NT_STATUS_INVALID_PARAMETER;
+	status = sid_array_from_info3(mem_ctx, info3, 
+				      &token->user_sids, 
+				      &token->num_sids,
+				      True);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	if (!sid_compose(&sid, &(info3->dom_sid.sid),
-			 info3->group_rid)
-	    || !add_sid_to_array(mem_ctx, &sid, 
-				 &token->user_sids, &token->num_sids)) {
-		DEBUG(3,("could not append additional group rid 0x%x\n",
-			 info3->group_rid));			
-		
-		return NT_STATUS_INVALID_PARAMETER;
-	}
-
-	for (i = 0; i < info3->num_groups2; i++) {
-		if (!sid_compose(&sid, &(info3->dom_sid.sid),
-				 info3->gids[i].g_rid)
-		    || !add_sid_to_array(mem_ctx, &sid,
-					 &token->user_sids, &token->num_sids)) {
-			DEBUG(3,("could not append additional group rid 0x%x\n",
-				 info3->gids[i].g_rid));	
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-	}
-
-	/* Copy 'other' sids.  We need to do sid filtering here to
- 	   prevent possible elevation of privileges.  See:
-
-           http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
-         */
-
-	for (i = 0; i < info3->num_other_sids; i++) {
-		if (!add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
-				      &token->user_sids, &token->num_sids)) {
-			DEBUG(3, ("could not add SID to array: %s\n",
-				  sid_string_static(&info3->other_sids[i].sid)));
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-
 	if (!NT_STATUS_IS_OK(status = add_aliases(get_global_sam_sid(),
 						  token))
 	    || !NT_STATUS_IS_OK(status = add_aliases(&global_sid_Builtin,


