[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Sat Sep 25 00:47:01 UTC 2021
The branch, master has been updated
via 81e27693c62 mdssvc: Use ndr_policy_handle_empty()
via 1e30fad7ee0 rpc_server: Simplify dcesrv_handle_lookup()
via acaa89aac9d rpc_server: Move a type check in dcesrv_handle_lookup()
via ef990008f22 libcli: Remove unused security_token_is_sid_string()
from 5b331443d06 tests/krb5: Add classes for testing invalid checksums
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 81e27693c62336d28c11462c790d7bc68ff3aa0c
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 20 16:49:53 2021 +0200
mdssvc: Use ndr_policy_handle_empty()
is_zero_policy_handle() was a duplicate.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 25 00:46:23 UTC 2021 on sn-devel-184
commit 1e30fad7ee04baaebc2d87fb933cefe358799882
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 20 16:42:08 2021 +0200
rpc_server: Simplify dcesrv_handle_lookup()
Reduce indentation with a "break;" from the loop, best reviewed with
git show -b
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit acaa89aac9d0ae6b655ea606aaa576d261e92fac
Author: Volker Lendecke <vl at samba.org>
Date: Mon Sep 20 16:36:15 2021 +0200
rpc_server: Move a type check in dcesrv_handle_lookup()
This check is independent of whether we found a handle or not, we can
do it before walking the handle list.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ef990008f22a0790442c0259defdfdcf0a28eb3d
Author: Volker Lendecke <vl at samba.org>
Date: Tue Sep 21 14:35:17 2021 +0200
libcli: Remove unused security_token_is_sid_string()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/security_token.c | 14 -------
libcli/security/security_token.h | 2 -
librpc/rpc/dcesrv_handles.c | 61 ++++++++++++++++++-------------
source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 19 ++--------
4 files changed, 39 insertions(+), 57 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c
index 186b6434006..f8cf2a7be09 100644
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -74,20 +74,6 @@ bool security_token_is_sid(const struct security_token *token, const struct dom_
return false;
}
-bool security_token_is_sid_string(const struct security_token *token, const char *sid_string)
-{
- bool ret;
- struct dom_sid sid;
-
- ret = dom_sid_parse(sid_string, &sid);
- if (!ret) {
- return false;
- }
-
- ret = security_token_is_sid(token, &sid);
- return ret;
-}
-
bool security_token_is_system(const struct security_token *token)
{
return security_token_is_sid(token, &global_sid_System);
diff --git a/libcli/security/security_token.h b/libcli/security/security_token.h
index 5c5b30bac1c..37230461adc 100644
--- a/libcli/security/security_token.h
+++ b/libcli/security/security_token.h
@@ -41,8 +41,6 @@ void security_token_debug(int dbg_class, int dbg_lev, const struct security_toke
bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid);
-bool security_token_is_sid_string(const struct security_token *token, const char *sid_string);
-
bool security_token_is_system(const struct security_token *token);
bool security_token_is_anonymous(const struct security_token *token);
diff --git a/librpc/rpc/dcesrv_handles.c b/librpc/rpc/dcesrv_handles.c
index d50831bcf0a..da1f00f5b67 100644
--- a/librpc/rpc/dcesrv_handles.c
+++ b/librpc/rpc/dcesrv_handles.c
@@ -104,37 +104,48 @@ struct dcesrv_handle *dcesrv_handle_lookup(struct dcesrv_call_state *call,
return dcesrv_handle_create(call, handle_type);
}
+ if (handle_type != DCESRV_HANDLE_ANY &&
+ p->handle_type != handle_type) {
+ DBG_WARNING("client gave us the wrong handle type "
+ "(%"PRIu32" should be %"PRIu8")\n",
+ p->handle_type,
+ handle_type);
+ return NULL;
+ }
+
for (h=context->conn->assoc_group->handles; h; h=h->next) {
if (h->wire_handle.handle_type == p->handle_type &&
GUID_equal(&p->uuid, &h->wire_handle.uuid)) {
- if (handle_type != DCESRV_HANDLE_ANY &&
- p->handle_type != handle_type) {
- DEBUG(0,("client gave us the wrong handle type (%d should be %d)\n",
- p->handle_type, handle_type));
- return NULL;
- }
- if (!dom_sid_equal(&h->sid, sid)) {
- struct dom_sid_buf buf1, buf2;
- DBG_ERR("Attempt to use invalid sid %s - %s\n",
- dom_sid_str_buf(&h->sid, &buf1),
- dom_sid_str_buf(sid, &buf2));
- return NULL;
- }
- if (call->auth_state->auth_level < h->min_auth_level) {
- DEBUG(0,(__location__ ": Attempt to use invalid auth_level %u < %u\n",
- call->auth_state->auth_level,
- h->min_auth_level));
- return NULL;
- }
- if (h->iface != context->iface) {
- DEBUG(0,(__location__ ": Attempt to use invalid iface\n"));
- return NULL;
- }
- return h;
+ break;
}
}
- return NULL;
+ if (h == NULL) {
+ /* not found */
+ return NULL;
+ }
+
+ if (!dom_sid_equal(&h->sid, sid)) {
+ struct dom_sid_buf buf1, buf2;
+ DBG_ERR("Attempt to use invalid sid %s - %s\n",
+ dom_sid_str_buf(&h->sid, &buf1),
+ dom_sid_str_buf(sid, &buf2));
+ return NULL;
+ }
+
+ if (call->auth_state->auth_level < h->min_auth_level) {
+ DBG_ERR("Attempt to use invalid auth_level %u < %u\n",
+ call->auth_state->auth_level,
+ h->min_auth_level);
+ return NULL;
+ }
+
+ if (h->iface != context->iface) {
+ DBG_ERR("Attempt to use invalid iface\n");
+ return NULL;
+ }
+
+ return h;
}
struct dcesrv_iface_state {
diff --git a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
index b8eed8b6ff9..6a18f5bbbdf 100644
--- a/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
+++ b/source3/rpc_server/mdssvc/srv_mdssvc_nt.c
@@ -162,19 +162,6 @@ void _mdssvc_open(struct pipes_struct *p, struct mdssvc_open *r)
return;
}
-static bool is_zero_policy_handle(const struct policy_handle *h)
-{
- struct GUID zero_uuid = {0};
-
- if (h->handle_type != 0) {
- return false;
- }
- if (!GUID_equal(&h->uuid, &zero_uuid)) {
- return false;
- }
- return true;
-}
-
void _mdssvc_unknown1(struct pipes_struct *p, struct mdssvc_unknown1 *r)
{
struct mds_ctx *mds_ctx;
@@ -186,7 +173,7 @@ void _mdssvc_unknown1(struct pipes_struct *p, struct mdssvc_unknown1 *r)
struct mds_ctx,
&status);
if (!NT_STATUS_IS_OK(status)) {
- if (is_zero_policy_handle(r->in.handle)) {
+ if (ndr_policy_handle_empty(r->in.handle)) {
p->fault_state = 0;
} else {
p->fault_state = DCERPC_NCA_S_PROTO_ERROR;
@@ -219,7 +206,7 @@ void _mdssvc_cmd(struct pipes_struct *p, struct mdssvc_cmd *r)
struct mds_ctx,
&status);
if (!NT_STATUS_IS_OK(status)) {
- if (is_zero_policy_handle(r->in.handle)) {
+ if (ndr_policy_handle_empty(r->in.handle)) {
p->fault_state = 0;
} else {
p->fault_state = DCERPC_NCA_S_PROTO_ERROR;
@@ -300,7 +287,7 @@ void _mdssvc_close(struct pipes_struct *p, struct mdssvc_close *r)
&status);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("invalid handle\n");
- if (is_zero_policy_handle(r->in.in_handle)) {
+ if (ndr_policy_handle_empty(r->in.in_handle)) {
p->fault_state = 0;
} else {
p->fault_state = DCERPC_NCA_S_PROTO_ERROR;
--
Samba Shared Repository
More information about the samba-cvs
mailing list