[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Aug 26 22:41:06 UTC 2015
The branch, master has been updated
via c9d97e3 lib: Make sid_linearize take a uint8_t
via de421d8 lib: Remove unused sid_blob_parse
via aa38175 lib: Convert callers of sid_blob_parse to sid_parse
via 4a442e2 lib: Make sid_parse take a uint8_t
from dba9e63 Prevent a crash in Python modules that try to authenticate by ensuring we reject cases where credendials fields are not intialized.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c9d97e3a2e7d2d9ca6612fdeb5fdf7a84781bbc1
Author: Volker Lendecke <vl at samba.org>
Date: Wed Aug 26 10:52:44 2015 +0200
lib: Make sid_linearize take a uint8_t
We marshall into a binary buffer, uint8_t better reflects that.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 27 00:40:58 CEST 2015 on sn-devel-104
commit de421d8826e9b0595350e15afa7c8bb1fd18d301
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 24 16:50:44 2015 +0200
lib: Remove unused sid_blob_parse
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit aa38175e00d58e0708e06b7c1e3a1a8690569a0a
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 24 16:46:12 2015 +0200
lib: Convert callers of sid_blob_parse to sid_parse
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4a442e2eb7e0b2c62bcc355d461dfd1aaf8c26e8
Author: Volker Lendecke <vl at samba.org>
Date: Mon Aug 24 12:33:28 2015 +0200
lib: Make sid_parse take a uint8_t
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/dom_sid.h | 3 +--
libcli/security/util_sid.c | 20 ++++++--------------
source3/include/proto.h | 2 +-
source3/lib/smbldap.c | 2 +-
source3/lib/tldap_util.c | 2 +-
source3/lib/util_sid.c | 6 +++---
source3/libads/ldap.c | 8 +++++---
source3/libsmb/cliquota.c | 6 +++---
source3/modules/vfs_default.c | 2 +-
source3/passdb/pdb_ipa.c | 2 +-
source3/smbd/nttrans.c | 10 ++++++----
source3/smbd/trans2.c | 3 ++-
source3/torture/torture.c | 6 +++---
source4/dsdb/common/util.c | 2 +-
source4/torture/unix/whoami.c | 16 +++++++++++++---
15 files changed, 48 insertions(+), 42 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index cf3cedea..990a4c4 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -93,8 +93,7 @@ bool sid_split_rid(struct dom_sid *sid, uint32_t *rid);
bool sid_peek_rid(const struct dom_sid *sid, uint32_t *rid);
bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32_t *rid);
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
-bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid);
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
+bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid);
int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num);
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 7d72d64..3399801 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -254,14 +254,16 @@ void sid_copy(struct dom_sid *dst, const struct dom_sid *src)
}
/*****************************************************************
- Parse a on-the-wire SID (in a DATA_BLOB) to a struct dom_sid.
+ Parse a on-the-wire SID to a struct dom_sid.
*****************************************************************/
-bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid)
+bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid)
{
+ DATA_BLOB in = data_blob_const(inbuf, len);
enum ndr_err_code ndr_err;
- ndr_err = ndr_pull_struct_blob_all(&in, NULL, sid,
- (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+
+ ndr_err = ndr_pull_struct_blob_all(
+ &in, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return false;
}
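Review bot: The header comment on `sid_parse` does not say that `len` must be the exact encoded size of the SID. The body hands the buffer to `ndr_pull_struct_blob_all`, which fails when bytes are left unread, so a caller passing the length of a larger enclosing buffer gets `false` rather than a parsed prefix. Several callers in this commit take that length from LDAP values or SMB request data, so I would state the contract in the comment, e.g. `Parse an on-the-wire SID to a struct dom_sid; len must cover exactly one encoded SID, trailing bytes make the parse fail.` That wording also fixes "a on-the-wire". The function's final return lies outside this hunk.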
@@ -269,16 +271,6 @@ bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid)
}
/*****************************************************************
- Parse a on-the-wire SID to a struct dom_sid.
-*****************************************************************/
-
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
-{
- DATA_BLOB in = data_blob_const(inbuf, len);
- return sid_blob_parse(in, sid);
-}
-
-/*****************************************************************
See if 2 SIDs are in the same domain
this just compares the leading sub-auths
*****************************************************************/
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b8f4a67..0af8cdd 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -525,7 +525,7 @@ char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
char *sid_string_dbg(const struct dom_sid *sid);
char *sid_string_tos(const struct dom_sid *sid);
-bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
+bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid);
bool non_mappable_sid(struct dom_sid *sid);
char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
struct netr_SamInfo3;
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index f2d58a5..75116d2 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -237,7 +237,7 @@
&blob)) {
return false;
}
- ret = sid_parse((char *)blob.data, blob.length, sid);
+ ret = sid_parse(blob.data, blob.length, sid);
TALLOC_FREE(blob.data);
return ret;
}
diff --git a/source3/lib/tldap_util.c b/source3/lib/tldap_util.c
index 45bf19f..de1d4ba 100644
--- a/source3/lib/tldap_util.c
+++ b/source3/lib/tldap_util.c
@@ -93,7 +93,7 @@ bool tldap_pull_binsid(struct tldap_message *msg, const char *attribute,
if (!tldap_get_single_valueblob(msg, attribute, &val)) {
return false;
}
- return sid_parse((char *)val.data, val.length, sid);
+ return sid_parse(val.data, val.length, sid);
}
bool tldap_pull_guid(struct tldap_message *msg, const char *attribute,
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index e336510..4b6fb81 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -72,7 +72,7 @@ char *sid_string_tos(const struct dom_sid *sid)
Write a sid out into on-the-wire format.
*****************************************************************/
-bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid)
+bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid)
{
size_t i;
@@ -116,9 +116,9 @@ bool non_mappable_sid(struct dom_sid *sid)
char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
{
int len = ndr_size_dom_sid(sid, 0);
- char buf[len];
+ uint8_t buf[len];
sid_linearize(buf, len, sid);
- return hex_encode_talloc(mem_ctx, (const unsigned char *)buf, len);
+ return hex_encode_talloc(mem_ctx, buf, len);
}
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
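Review bot: `sid_binstring_hex_talloc` discards the result of `sid_linearize(buf, len, sid)` and then hex-encodes `buf`, so if that call ever returned false the string would be built from uninitialised stack bytes. The failure conditions of `sid_linearize` are not visible in this hunk, but checking costs one line: `if (!sid_linearize(buf, len, sid)) { return NULL; }`. The buffer is also a variable-length array sized by an `int` taken straight from `ndr_size_dom_sid`. An encoded SID is small and bounded, so a fixed-size array plus a length check would avoid depending on that return value for the stack allocation. The same unchecked `sid_linearize` call appears in the source3/libsmb/cliquota.c, source3/smbd/nttrans.c and source3/smbd/trans2.c hunks, where the destination is a request or reply buffer.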
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 8763164..e8ccfa9 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2361,7 +2361,8 @@ static void dump_sid(ADS_STRUCT *ads, const char *field, struct berval **values)
for (i=0; values[i]; i++) {
struct dom_sid sid;
fstring tmp;
- if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) {
+ if (!sid_parse((const uint8_t *)values[i]->bv_val,
+ values[i]->bv_len, &sid)) {
return;
}
printf("%s: %s\n", field, sid_to_fstring(tmp, &sid));
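Review bot: In `dump_sid`, a value that fails `sid_parse` makes the `for (i=0; values[i]; i++)` loop `return` without printing anything, so one malformed value hides every later value of the attribute from the dump. When the dump is being used to inspect unexpected directory data, that is exactly when the remaining values matter; `continue;` after a short diagnostic line for the bad entry would keep the output complete. The `(const uint8_t *)values[i]->bv_val` cast is repeated in the next hunk of this file, and a small static helper taking a `struct berval *` would keep it in one place.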
@@ -2891,7 +2892,8 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
count = 0;
for (i=0; values[i]; i++) {
- ret = sid_parse(values[i]->bv_val, values[i]->bv_len, &(*sids)[count]);
+ ret = sid_parse((const uint8_t *)values[i]->bv_val,
+ values[i]->bv_len, &(*sids)[count]);
if (ret) {
DEBUG(10, ("pulling SID: %s\n",
sid_string_dbg(&(*sids)[count])));
@@ -3456,7 +3458,7 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
- if (!sid_parse(buf, buf_len, sid)) {
+ if (!sid_parse((const uint8_t *)buf, buf_len, sid)) {
DEBUG(10,("failed to parse sid\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c
index 21dc72e..875c419 100644
--- a/source3/libsmb/cliquota.c
+++ b/source3/libsmb/cliquota.c
@@ -89,7 +89,7 @@ static bool parse_user_quota_record(const uint8_t *rdata,
/* the hard quotas 8 bytes (uint64_t)*/
qt.hardlim = BVAL(rdata,32);
- if (!sid_parse((const char *)rdata+40,sid_len,&qt.sid)) {
+ if (!sid_parse(rdata+40,sid_len,&qt.sid)) {
return false;
}
@@ -129,7 +129,7 @@ NTSTATUS cli_get_user_quota(struct cli_state *cli, int quota_fnum,
data_len = sid_len+8;
SIVAL(data, 0, 0x00000000);
SIVAL(data, 4, sid_len);
- sid_linearize((char *)data+8, sid_len, &pqt->sid);
+ sid_linearize(data+8, sid_len, &pqt->sid);
status = cli_trans(talloc_tos(), cli, SMBnttrans,
NULL, -1, /* name, fid */
@@ -183,7 +183,7 @@ NTSTATUS cli_set_user_quota(struct cli_state *cli, int quota_fnum,
SBIG_UINT(data,16,pqt->usedspace);
SBIG_UINT(data,24,pqt->softlim);
SBIG_UINT(data,32,pqt->hardlim);
- sid_linearize((char *)data+40, sid_len, &pqt->sid);
+ sid_linearize(data+40, sid_len, &pqt->sid);
status = cli_trans(talloc_tos(), cli, SMBnttrans,
NULL, -1, /* name, fid */
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index ac1052e..460837c 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1281,7 +1281,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
- if (!sid_parse(in_data + 4, sid_len, &sid)) {
+ if (!sid_parse(_in_data + 4, sid_len, &sid)) {
return NT_STATUS_INVALID_PARAMETER;
}
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
index e1e5527..4d9d09c 100644
--- a/source3/passdb/pdb_ipa.c
+++ b/source3/passdb/pdb_ipa.c
@@ -768,7 +768,7 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd
struct pdb_domain_info *info;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)pdb_methods->private_data;
- char sid_buf[24];
+ uint8_t sid_buf[24];
DATA_BLOB sid_blob;
NTSTATUS status;
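Review bot: `uint8_t sid_buf[24];` keeps a bare 24 with nothing to say what it is sized for, and how the buffer is filled is outside this hunk, so a reader cannot tell whether 24 bytes is enough for every SID that reaches it. If it is meant to hold a linearized domain SID (an 8-byte header plus four 4-byte sub-authorities comes to 24), I would record that in a comment such as `/* linearized domain SID: 8 + 4 sub-auths * 4 */`. I would also pass `sizeof(sid_buf)` wherever the buffer is written, so the bound and the declaration cannot drift apart. The function body continues outside the hunk.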
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 04dddee..19c7153 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2384,7 +2384,8 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
/* and now the SID */
- sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
+ sid_linearize((uint8_t *)(entry+40), sid_len,
+ &tmp_list->quotas->sid);
}
qt_handle->tmp_list = tmp_list;
@@ -2433,7 +2434,8 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
break;
}
- if (!sid_parse(pdata+8,sid_len,&sid)) {
+ if (!sid_parse((const uint8_t *)(pdata+8), sid_len,
+ &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
@@ -2485,7 +2487,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
SBIG_UINT(entry,32,qt.hardlim);
/* and now the SID */
- sid_linearize(entry+40, sid_len, &sid);
+ sid_linearize((uint8_t *)(entry+40), sid_len, &sid);
break;
@@ -2586,7 +2588,7 @@ static void call_nt_transact_set_user_quota(connection_struct *conn,
/* the hard quotas 8 bytes (uint64_t)*/
qt.hardlim = BVAL(pdata,32);
- if (!sid_parse(pdata+40,sid_len,&sid)) {
+ if (!sid_parse((const uint8_t *)(pdata+40), sid_len, &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 8816402..58d18fb 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3796,7 +3796,8 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
&conn->session_info->security_token->sids[i],
0);
- sid_linearize(pdata + data_len, sid_len,
+ sid_linearize((uint8_t *)(pdata + data_len),
+ sid_len,
&conn->session_info->security_token->sids[i]);
data_len += sid_len;
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index e0be44e..914caf8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8563,7 +8563,7 @@ static bool run_local_sid_to_string(int dummy) {
static bool run_local_binary_to_sid(int dummy) {
struct dom_sid *sid = talloc(NULL, struct dom_sid);
- static const char good_binary_sid[] = {
+ static const uint8_t good_binary_sid[] = {
0x1, /* revision number */
15, /* num auths */
0x1, 0x1, 0x1, 0x1, 0x1, 0x1, /* id_auth */
@@ -8584,7 +8584,7 @@ static bool run_local_binary_to_sid(int dummy) {
0x1, 0x1, 0x1, 0x1, /* auth[14] */
};
- static const char long_binary_sid[] = {
+ static const uint8_t long_binary_sid[] = {
0x1, /* revision number */
15, /* num auths */
0x1, 0x1, 0x1, 0x1, 0x1, 0x1, /* id_auth */
@@ -8608,7 +8608,7 @@ static bool run_local_binary_to_sid(int dummy) {
0x1, 0x1, 0x1, 0x1, /* auth[17] */
};
- static const char long_binary_sid2[] = {
+ static const uint8_t long_binary_sid2[] = {
0x1, /* revision number */
32, /* num auths */
0x1, 0x1, 0x1, 0x1, 0x1, 0x1, /* id_auth */
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 6447d06..c1b5d5a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -360,7 +360,7 @@ struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, const struct ldb_messa
if (sid == NULL) {
return NULL;
}
- ok = sid_blob_parse(*v, sid);
+ ok = sid_parse(v->data, v->length, sid);
if (!ok) {
talloc_free(sid);
return NULL;
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 00109eb..53921d4 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -300,7 +300,10 @@ static bool test_against_ldap(struct torture_context *torture, struct ldb_contex
struct dom_sid *sid = talloc(torture, struct dom_sid);
torture_assert(torture, sid != NULL, "talloc failed");
- torture_assert(torture, sid_blob_parse(el->values[i], sid), "sid parse failed");
+ torture_assert(torture,
+ sid_parse(el->values[i].data,
+ el->values[i].length, sid),
+ "sid parse failed");
torture_assert_str_equal(torture, dom_sid_string(sid, sid), dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does not match!");
talloc_free(sid);
}
@@ -311,13 +314,20 @@ static bool test_against_ldap(struct torture_context *torture, struct ldb_contex
struct dom_sid *dc_sids = talloc_array(torture, struct dom_sid, el->num_values);
struct dom_sid *member_sids = talloc_array(torture, struct dom_sid, whoami->num_sids);
torture_assert(torture, user_sid != NULL, "talloc failed");
- torture_assert(torture, sid_blob_parse(el->values[0], user_sid), "sid parse failed");
+ torture_assert(torture, sid_parse(el->values[0].data,
+ el->values[0].length,
+ user_sid),
+ "sid parse failed");
torture_assert_ntstatus_equal(torture, dom_sid_split_rid(torture, user_sid, &dom_sid, NULL), NT_STATUS_OK, "failed to split domain SID from user SID");
for (i = 0; i < el->num_values; i++) {
struct dom_sid *sid = talloc(dc_sids, struct dom_sid);
torture_assert(torture, sid != NULL, "talloc failed");
- torture_assert(torture, sid_blob_parse(el->values[i], sid), "sid parse failed");
+ torture_assert(torture,
+ sid_parse(el->values[i].data,
+ el->values[i].length,
+ sid),
+ "sid parse failed");
if (dom_sid_in_domain(dom_sid, sid)) {
dc_sids[num_domain_sids_dc] = *sid;
num_domain_sids_dc++;
--
Samba Shared Repository