[SCM] Samba Shared Repository - branch v4-17-stable updated

Jule Anger janger at samba.org
Thu Jul 6 13:59:42 UTC 2023


The branch, v4-17-stable has been updated
       via  b8598d4b9fb VERSION: Disable GIT_SNAPSHOT for the 4.17.9 release.
       via  95fd96dbab9 WHATSNEW: Add release notes for Samba 4.17.9.
       via  65f35a5bf32 s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS
       via  b5b4fd3ee23 s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()
       via  38a9e17d02f s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1
       via  0afed23bcd2 s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()
       via  62507b112e6 s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()
       via  426b6ecca6d smbd: call exit_server_cleanly() to avoid panicking
       via  c366a064c8f pidl: avoid py compile issues with --pidl-developer
       via  88c24655c79 s3:utils: smbget fix a memory leak
       via  f26b205786e smbclient: Fix fd leak with "showacls;ls"
       via  af55bfe4e99 libsmb: Fix directory listing against old servers
       via  72149cd8b3b tests: Show that we 100% loop in cli_list_old_recv()
       via  0a27a04ec05 tests: Make timelimit available to test scripts
       via  25b75eccea0 s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()
       via  dff3946d616 vfs_fruit: add fruit:convert_adouble parameter
       via  a2567c17294 vfs_fruit: just log failing AppleDouble conversion
       via  4e0850b7afc libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()
       via  b0e8932b1cf vfs_fruit: never return AFP_Resource stream for directories
       via  ed1979c76c6 vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory
       via  f544dc9cc06 CI: add a test for fruit AppleDouble conversion when deletion triggers conversion
       via  e1c3f8328cd rpc_server3: Pass winbind_env_set() state through to rpcd_*
       via  99f28fecf9d lib: Add security_token_del_npa_flags() helper function
       via  c21560a03c9 rpc: Remove named_pipe_auth_req_info6->need_idle_server
       via  f5323412879 rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"
       via  270855cfdb5 named_pipe_auth: Bump info5 to info6
       via  61a71886a14 rpc: Add global_sid_Samba_NPA_Flags SID
       via  9a3ae1d0da7 librpc: Simplify dcerpc_is_transport_encrypted()
       via  2d1e69dcc6e smbd: Use security_token_count_flag_sids() in open_np_file()
       via  e8094b7913c libcli: Add security_token_count_flag_sids()
       via  98b8ffdb447 librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
       via  01d3f58321d VERSION: Bump version up to Samba 4.17.9...
      from  bdd1a7c5f2f VERSION: Disable GIT_SNAPSHOT for the 4.17.8 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                     |   2 +-
 WHATSNEW.txt                                |  62 +-
 docs-xml/manpages/vfs_fruit.8.xml           |  13 +
 libcli/named_pipe_auth/npa_tstream.c        | 144 +++--
 libcli/named_pipe_auth/npa_tstream.h        |   4 +-
 libcli/security/dom_sid.h                   |   4 +
 libcli/security/security_token.c            |  36 ++
 libcli/security/security_token.h            |   9 +
 libcli/security/util_sid.c                  |   7 +
 librpc/idl/named_pipe_auth.idl              |   9 +-
 librpc/rpc/dcerpc_helper.c                  |  32 +-
 librpc/rpc/dcesrv_core.c                    |  17 +
 librpc/rpc/dcesrv_core.h                    |   1 +
 pidl/lib/Parse/Pidl/Samba4/Python.pm        |   8 +-
 selftest/selftesthelpers.py                 |   1 +
 source3/client/client.c                     |   1 +
 source3/include/proto.h                     |   3 +
 source3/lib/adouble.c                       |   2 +-
 source3/lib/util_sid.c                      |  34 +
 source3/librpc/idl/rpc_host.idl             |   2 +-
 source3/libsmb/clilist.c                    |   6 +
 source3/modules/vfs_fruit.c                 |  48 +-
 source3/rpc_client/local_np.c               | 105 ++-
 source3/rpc_server/rpc_host.c               | 115 ++--
 source3/rpc_server/rpc_worker.c             | 112 ++--
 source3/script/tests/test_old_dirlisting.sh |  28 +
 source3/selftest/tests.py                   |   6 +
 source3/smbd/scavenger.c                    |   2 +-
 source3/smbd/smb2_pipes.c                   |  23 +-
 source3/utils/smbget.c                      |   1 +
 source3/winbindd/winbindd_cache.c           |   1 +
 source3/winbindd/winbindd_msrpc.c           |  10 +-
 source3/winbindd/winbindd_pam.c             |  67 +-
 source4/dns_server/dns_crypto.c             |   2 +-
 source4/dns_server/dns_update.c             |   4 +-
 source4/dns_server/dnsserver_common.c       |  21 +-
 source4/dns_server/dnsserver_common.h       |   2 +-
 source4/rpc_server/dnsserver/dnsutils.c     |   2 +-
 source4/torture/dns/dlz_bind9.c             |   8 +-
 source4/torture/vfs/fruit.c                 | 954 ++++++++++++++++++++++++++++
 40 files changed, 1607 insertions(+), 301 deletions(-)
 create mode 100755 source3/script/tests/test_old_dirlisting.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index bcfbd046e24..8778e6ebb26 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=17
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=9
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c9f39ce3912..84dbe233384 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,62 @@
+                   ==============================
+                   Release Notes for Samba 4.17.9
+                           July 06, 2023
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.17 release series.
+
+
+Changes since 4.17.8
+--------------------
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 15404: Backport --pidl-developer fixes.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 15275: smbd_scavenger crashes when service smbd is stopped.
+   * BUG 15378: vfs_fruit might cause a failing open for delete.
+
+o  Samuel Cabrero <scabrero at samba.org>
+   * BUG 14030: named crashes on DLZ zone update.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 15361: winbind recurses into itself via rpcd_lsad.
+   * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
+   * BUG 15391: smbclient leaks fds with showacls.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 15374: aes256 smb3 encryption algorithms are not allowed in
+     smb3_sid_parse().
+   * BUG 15413: winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR.
+
+o  Jones Syue <jonessyue at qnap.com>
+   * BUG 15403: smbget memory leak if failed to download files recursively.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ==============================
                    Release Notes for Samba 4.17.8
                             May 11, 2023
@@ -75,8 +134,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
                    ==============================
                    Release Notes for Samba 4.17.7
                            March 29, 2023
diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml
index 4caf308a612..b2ebfae2e21 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -406,6 +406,19 @@
 	    </listitem>
 	  </varlistentry>
 
+	  <varlistentry>
+	    <term>fruit:convert_adouble = yes | no</term>
+	    <listitem>
+	      <para>Whether an attempt shall be made to convert ._ AppleDouble
+	      sidecar files to native streams (xattrs when using
+	      vfs_streams_xattr). The main use case for this conversion is
+	      transparent migration from a server config without streams support
+	      where the macOS client created those AppleDouble sidecar
+	      files.</para>
+	      <para>The default is <emphasis>yes</emphasis>.</para>
+	    </listitem>
+	  </varlistentry>
+
 	</variablelist>
 </refsect1>
 
diff --git a/libcli/named_pipe_auth/npa_tstream.c b/libcli/named_pipe_auth/npa_tstream.c
index 506c4a35681..f84440fe755 100644
--- a/libcli/named_pipe_auth/npa_tstream.c
+++ b/libcli/named_pipe_auth/npa_tstream.c
@@ -73,7 +73,7 @@ struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
 	int ret;
 	enum ndr_err_code ndr_err;
 	char *lower_case_npipe;
-	struct named_pipe_auth_req_info5 *info5;
+	struct named_pipe_auth_req_info7 *info7;
 
 	req = tevent_req_create(mem_ctx, &state,
 				struct tstream_npa_connect_state);
@@ -119,39 +119,43 @@ struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
 		goto post;
 	}
 
-	state->auth_req.level = 5;
-	info5 = &state->auth_req.info.info5;
+	state->auth_req.level = 7;
+	info7 = &state->auth_req.info.info7;
 
-	info5->transport = transport;
-	SMB_ASSERT(info5->transport == transport); /* Assert no overflow */
+	info7->transport = transport;
+	SMB_ASSERT(info7->transport == transport); /* Assert no overflow */
 
-	info5->remote_client_name = remote_client_name_in;
-	info5->remote_client_addr = tsocket_address_inet_addr_string(remote_client_addr,
-								     state);
-	if (!info5->remote_client_addr) {
+	info7->remote_client_name = remote_client_name_in;
+	info7->remote_client_addr =
+		tsocket_address_inet_addr_string(remote_client_addr, state);
+	if (!info7->remote_client_addr) {
 		/* errno might be EINVAL */
 		tevent_req_error(req, errno);
 		goto post;
 	}
-	info5->remote_client_port = tsocket_address_inet_port(remote_client_addr);
-	if (!info5->remote_client_name) {
-		info5->remote_client_name = info5->remote_client_addr;
+	info7->remote_client_port =
+		tsocket_address_inet_port(remote_client_addr);
+	if (!info7->remote_client_name) {
+		info7->remote_client_name = info7->remote_client_addr;
 	}
 
-	info5->local_server_name = local_server_name_in;
-	info5->local_server_addr = tsocket_address_inet_addr_string(local_server_addr,
-								    state);
-	if (!info5->local_server_addr) {
+	info7->local_server_name = local_server_name_in;
+	info7->local_server_addr =
+		tsocket_address_inet_addr_string(local_server_addr, state);
+	if (!info7->local_server_addr) {
 		/* errno might be EINVAL */
 		tevent_req_error(req, errno);
 		goto post;
 	}
-	info5->local_server_port = tsocket_address_inet_port(local_server_addr);
-	if (!info5->local_server_name) {
-		info5->local_server_name = info5->local_server_addr;
+	info7->local_server_port =
+		tsocket_address_inet_port(local_server_addr);
+	if (!info7->local_server_name) {
+		info7->local_server_name = info7->local_server_addr;
 	}
 
-	info5->session_info = discard_const_p(struct auth_session_info_transport, session_info);
+	info7->session_info =
+		discard_const_p(struct auth_session_info_transport,
+				session_info);
 
 	if (DEBUGLVL(10)) {
 		NDR_PRINT_DEBUG(named_pipe_auth_req, &state->auth_req);
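Review bot: The protocol level is set with the bare literal `7` in `state->auth_req.level = 7;`, and the same literal recurs in later hunks of this file: `case 7:` in `_tstream_npa_connect_recv()`, and `pipe_request->level != 7` and `pipe_reply.level = 7;` in `tstream_npa_accept_existing_reply()`. All four sites have to move together with the `info7` union arm on every bump, and a missed one only shows up at runtime as `NT_STATUS_INVALID_LEVEL`. A single named constant for the current level, defined next to the IDL-generated types and used at each site, would leave one place to change. The body of `tstream_npa_connect_send()` starts and ends outside this hunk.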
@@ -348,10 +352,10 @@ int _tstream_npa_connect_recv(struct tevent_req *req,
 
 	npas->unix_stream = talloc_move(stream, &state->unix_stream);
 	switch (state->auth_rep.level) {
-	case 5:
-		npas->file_type = state->auth_rep.info.info5.file_type;
-		device_state = state->auth_rep.info.info5.device_state;
-		allocation_size = state->auth_rep.info.info5.allocation_size;
+	case 7:
+		npas->file_type = state->auth_rep.info.info7.file_type;
+		device_state = state->auth_rep.info.info7.device_state;
+		allocation_size = state->auth_rep.info.info7.allocation_size;
 		break;
 	}
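Review bot: The `switch (state->auth_rep.level)` has only `case 7:` and no `default:`, so a reply with any other level leaves `npas->file_type`, `device_state` and `allocation_size` at whatever they held before the switch. The reply is decoded from the peer, and the hunk does not show whether its level is validated before this point. If it is, a comment such as `/* other levels were rejected when the reply was parsed */` would record that. If it is not, a `default:` that fails the receive is needed. The function continues outside the hunk.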
 
@@ -1084,7 +1088,7 @@ static void tstream_npa_accept_existing_reply(struct tevent_req *subreq)
 			tevent_req_data(req, struct tstream_npa_accept_state);
 	struct named_pipe_auth_req *pipe_request;
 	struct named_pipe_auth_rep pipe_reply;
-	struct named_pipe_auth_req_info5 i5;
+	struct named_pipe_auth_req_info7 i7;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB in, out;
 	int err;
@@ -1147,53 +1151,59 @@ static void tstream_npa_accept_existing_reply(struct tevent_req *subreq)
 		NDR_PRINT_DEBUG(named_pipe_auth_req, pipe_request);
 	}
 
-	ZERO_STRUCT(i5);
+	ZERO_STRUCT(i7);
 
-	if (pipe_request->level != 5) {
+	if (pipe_request->level != 7) {
 		DEBUG(0, ("Unknown level %u\n", pipe_request->level));
 		pipe_reply.level = 0;
 		pipe_reply.status = NT_STATUS_INVALID_LEVEL;
 		goto reply;
 	}
 
-	pipe_reply.level = 5;
+	pipe_reply.level = 7;
 	pipe_reply.status = NT_STATUS_OK;
-	pipe_reply.info.info5.file_type = state->file_type;
-	pipe_reply.info.info5.device_state = state->device_state;
-	pipe_reply.info.info5.allocation_size = state->alloc_size;
+	pipe_reply.info.info7.file_type = state->file_type;
+	pipe_reply.info.info7.device_state = state->device_state;
+	pipe_reply.info.info7.allocation_size = state->alloc_size;
 
-	i5 = pipe_request->info.info5;
-	if (i5.local_server_addr == NULL) {
+	i7 = pipe_request->info.info7;
+	if (i7.local_server_addr == NULL) {
 		pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
 		DEBUG(2, ("Missing local server address\n"));
 		goto reply;
 	}
-	if (i5.remote_client_addr == NULL) {
+	if (i7.remote_client_addr == NULL) {
 		pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
 		DEBUG(2, ("Missing remote client address\n"));
 		goto reply;
 	}
 
-	ret = tsocket_address_inet_from_strings(state, "ip",
-						i5.local_server_addr,
-						i5.local_server_port,
+	ret = tsocket_address_inet_from_strings(state,
+						"ip",
+						i7.local_server_addr,
+						i7.local_server_port,
 						&state->local_server_addr);
 	if (ret != 0) {
-		DEBUG(2, ("Invalid local server address[%s:%u] - %s\n",
-			  i5.local_server_addr, i5.local_server_port,
-			  strerror(errno)));
+		DEBUG(2,
+		      ("Invalid local server address[%s:%u] - %s\n",
+		       i7.local_server_addr,
+		       i7.local_server_port,
+		       strerror(errno)));
 		pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
 		goto reply;
 	}
 
-	ret = tsocket_address_inet_from_strings(state, "ip",
-						i5.remote_client_addr,
-						i5.remote_client_port,
+	ret = tsocket_address_inet_from_strings(state,
+						"ip",
+						i7.remote_client_addr,
+						i7.remote_client_port,
 						&state->remote_client_addr);
 	if (ret != 0) {
-		DEBUG(2, ("Invalid remote client address[%s:%u] - %s\n",
-			  i5.remote_client_addr, i5.remote_client_port,
-			  strerror(errno)));
+		DEBUG(2,
+		      ("Invalid remote client address[%s:%u] - %s\n",
+		       i7.remote_client_addr,
+		       i7.remote_client_port,
+		       strerror(errno)));
 		pipe_reply.status = NT_STATUS_INVALID_ADDRESS;
 		goto reply;
 	}
@@ -1249,14 +1259,15 @@ static void tstream_npa_accept_existing_done(struct tevent_req *subreq)
 	tevent_req_done(req);
 }
 
-static struct named_pipe_auth_req_info5 *copy_npa_info5(
-	TALLOC_CTX *mem_ctx, const struct named_pipe_auth_req_info5 *src)
+static struct named_pipe_auth_req_info7 *
+copy_npa_info7(TALLOC_CTX *mem_ctx,
+	       const struct named_pipe_auth_req_info7 *src)
 {
-	struct named_pipe_auth_req_info5 *dst = NULL;
+	struct named_pipe_auth_req_info7 *dst = NULL;
 	DATA_BLOB blob;
 	enum ndr_err_code ndr_err;
 
-	dst = talloc_zero(mem_ctx, struct named_pipe_auth_req_info5);
+	dst = talloc_zero(mem_ctx, struct named_pipe_auth_req_info7);
 	if (dst == NULL) {
 		return NULL;
 	}
@@ -1265,9 +1276,9 @@ static struct named_pipe_auth_req_info5 *copy_npa_info5(
 		&blob,
 		dst,
 		src,
-		(ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req_info5);
+		(ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req_info7);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		DBG_WARNING("ndr_push_named_pipe_auth_req_info5 failed: %s\n",
+		DBG_WARNING("ndr_push_named_pipe_auth_req_info7 failed: %s\n",
 			    ndr_errstr(ndr_err));
 		TALLOC_FREE(dst);
 		return NULL;
@@ -1277,10 +1288,10 @@ static struct named_pipe_auth_req_info5 *copy_npa_info5(
 		&blob,
 		dst,
 		dst,
-		(ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req_info5);
+		(ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req_info7);
 	TALLOC_FREE(blob.data);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		DBG_WARNING("ndr_push_named_pipe_auth_req_info5 failed: %s\n",
+		DBG_WARNING("ndr_push_named_pipe_auth_req_info7 failed: %s\n",
 			    ndr_errstr(ndr_err));
 		TALLOC_FREE(dst);
 		return NULL;
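Review bot: The second `DBG_WARNING` follows the call that takes `ndr_pull_named_pipe_auth_req_info7`, yet it still prints `ndr_push_named_pipe_auth_req_info7 failed`, so a decode failure is logged as an encode failure. Since the commit rewrites this line anyway, the text should become `"ndr_pull_named_pipe_auth_req_info7 failed: %s\n"`. The body of `copy_npa_info7()` starts in the previous hunk and ends outside this one.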
@@ -1294,7 +1305,7 @@ int _tstream_npa_accept_existing_recv(
 	int *perrno,
 	TALLOC_CTX *mem_ctx,
 	struct tstream_context **stream,
-	struct named_pipe_auth_req_info5 **info5,
+	struct named_pipe_auth_req_info7 **info7,
 	enum dcerpc_transport_t *transport,
 	struct tsocket_address **remote_client_addr,
 	char **_remote_client_name,
@@ -1305,7 +1316,8 @@ int _tstream_npa_accept_existing_recv(
 {
 	struct tstream_npa_accept_state *state =
 			tevent_req_data(req, struct tstream_npa_accept_state);
-	struct named_pipe_auth_req_info5 *i5 = &state->pipe_request->info.info5;
+	struct named_pipe_auth_req_info7 *i7 =
+		&state->pipe_request->info.info7;
 	struct tstream_npa *npas;
 	int ret;
 
@@ -1346,24 +1358,24 @@ int _tstream_npa_accept_existing_recv(
 	npas->unix_stream = state->plain;
 	npas->file_type = state->file_type;
 
-	if (info5 != NULL) {
+	if (info7 != NULL) {
 		/*
-		 * Make a full copy of "info5" because further down we
+		 * Make a full copy of "info7" because further down we
 		 * talloc_move() away substructures from
 		 * state->pipe_request.
 		 */
-		struct named_pipe_auth_req_info5 *dst = copy_npa_info5(
-			mem_ctx, i5);
+		struct named_pipe_auth_req_info7 *dst =
+			copy_npa_info7(mem_ctx, i7);
 		if (dst == NULL) {
 			*perrno = ENOMEM;
 			tevent_req_received(req);
 			return -1;
 		}
-		*info5 = dst;
+		*info7 = dst;
 	}
 
 	if (transport != NULL) {
-		*transport = i5->transport;
+		*transport = i7->transport;
 	}
 	if (remote_client_addr != NULL) {
 		*remote_client_addr = talloc_move(
@@ -1371,7 +1383,8 @@ int _tstream_npa_accept_existing_recv(
 	}
 	if (_remote_client_name != NULL) {
 		*_remote_client_name = discard_const_p(
-			char, talloc_move(mem_ctx, &i5->remote_client_name));
+			char,
+			talloc_move(mem_ctx, &i7->remote_client_name));
 	}
 	if (local_server_addr != NULL) {
 		*local_server_addr = talloc_move(
@@ -1379,10 +1392,11 @@ int _tstream_npa_accept_existing_recv(
 	}
 	if (local_server_name != NULL) {
 		*local_server_name = discard_const_p(
-			char, talloc_move(mem_ctx, &i5->local_server_name));
+			char,
+			talloc_move(mem_ctx, &i7->local_server_name));
 	}
 	if (session_info != NULL) {
-		*session_info = talloc_move(mem_ctx, &i5->session_info);
+		*session_info = talloc_move(mem_ctx, &i7->session_info);
 	}
 
 	tevent_req_received(req);
diff --git a/libcli/named_pipe_auth/npa_tstream.h b/libcli/named_pipe_auth/npa_tstream.h
index 1d7e93dc0fa..ebb6d16e428 100644
--- a/libcli/named_pipe_auth/npa_tstream.h
+++ b/libcli/named_pipe_auth/npa_tstream.h
@@ -27,7 +27,7 @@ struct tevent_req;
 struct tevent_context;
 struct auth_session_info_transport;
 struct tsocket_address;
-struct named_pipe_auth_req_info5;
+struct named_pipe_auth_req_info7;
 
 struct tevent_req *tstream_npa_connect_send(TALLOC_CTX *mem_ctx,
 					    struct tevent_context *ev,
@@ -114,7 +114,7 @@ int _tstream_npa_accept_existing_recv(
 	int *perrno,
 	TALLOC_CTX *mem_ctx,
 	struct tstream_context **stream,
-	struct named_pipe_auth_req_info5 **info5,
+	struct named_pipe_auth_req_info7 **info7,
 	enum dcerpc_transport_t *transport,
 	struct tsocket_address **remote_client_addr,
 	char **_remote_client_name,
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 568916a159d..c362fa6fe80 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -66,6 +66,10 @@ extern const struct dom_sid global_sid_Unix_NFS_Mode;
 extern const struct dom_sid global_sid_Unix_NFS_Other;
 extern const struct dom_sid global_sid_Samba_SMB3;
 
+extern const struct dom_sid global_sid_Samba_NPA_Flags;
+#define SAMBA_NPA_FLAGS_NEED_IDLE 1
+#define SAMBA_NPA_FLAGS_WINBIND_OFF 2
+
 enum lsa_SidType;
 
 NTSTATUS dom_sid_lookup_predefined_name(const char *name,
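Review bot: `SAMBA_NPA_FLAGS_NEED_IDLE` and `SAMBA_NPA_FLAGS_WINBIND_OFF` are added with no comment saying where the values are carried or who is allowed to set them. Judging by the names and the commit titles, they look like bit flags stored in a sub-authority appended to `global_sid_Samba_NPA_Flags` and passed between Samba's own processes. If that is right, writing them as `0x1` and `0x2` would make the bitmask nature explicit. A comment along the lines of `/* internal hints carried as an extra sub-authority of global_sid_Samba_NPA_Flags; must be stripped before the token is used for access checks */` would state the trust boundary. The commit list mentions a `security_token_del_npa_flags()` helper, which the comment could point to.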
diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c
index 03e7bb70743..f788540e98e 100644
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -95,6 +95,42 @@ bool security_token_has_sid(const struct security_token *token, const struct dom
 	return false;
 }
 
+size_t security_token_count_flag_sids(const struct security_token *token,
+				      const struct dom_sid *prefix_sid,
+				      size_t num_flags,
+				      const struct dom_sid **_flag_sid)
+{
+	const size_t num_auths_expected = prefix_sid->num_auths + num_flags;
+	const struct dom_sid *found = NULL;
+	size_t num = 0;
+	uint32_t i;
+
+	SMB_ASSERT(num_auths_expected <= ARRAY_SIZE(prefix_sid->sub_auths));
+
+	for (i = 0; i < token->num_sids; i++) {
+		const struct dom_sid *sid = &token->sids[i];
+		int cmp;
+
+		if ((size_t)sid->num_auths != num_auths_expected) {
+			continue;
+		}
+
+		cmp = dom_sid_compare_domain(sid, prefix_sid);
+		if (cmp != 0) {
+			continue;
+		}
+
+		num += 1;
+		found = sid;
+	}
+
+	if ((num == 1) && (_flag_sid != NULL)) {
+		*_flag_sid = found;
+	}
+
+	return num;
+}
+
 bool security_token_has_builtin_guests(const struct security_token *token)
 {
 	return security_token_has_sid(token, &global_sid_Builtin_Guests);
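Review bot: `*_flag_sid` is written only when exactly one matching SID is found, so on a return of 0 or more than 1 the caller's pointer keeps its previous value and could be used stale. Clearing it on entry with `if (_flag_sid != NULL) { *_flag_sid = NULL; }` removes that dependency on the caller. `security_token_count_flag_sids()` also has no header comment. It should say that a SID matches when it has `prefix_sid->num_auths + num_flags` sub-authorities and `dom_sid_compare_domain()` against `prefix_sid` returns 0, and that `*_flag_sid` is meaningful only when the return value is 1. The comment should also note that `token` and `prefix_sid` are dereferenced without a NULL check.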
diff --git a/libcli/security/security_token.h b/libcli/security/security_token.h
index 15773df617f..c6898859b98 100644


-- 
Samba Shared Repository


