[PATCH] store SID's in SAM_ACCOUNT

Simo Sorce simo.sorce at xsec.it
Fri May 31 03:47:03 GMT 2002 

On Fri, 2002-05-31 at 12:20, metze at metzemix.de wrote:
> Hi Andrew and Simo,
> 
> this patches are only for discussion,( not completely ready)
> 
> please take look at it the Patch for Makefile.in should be cleaner but I 
> don't know how to do this... So it would be nice if someoneelse could do that.
> The reason for changing Makefile.in is that the global_sam_sid should be 
> get with the function get_global_sam_sid(), witch is in 
> passdb/machine_sid.c and depends code from passdb/secrets.c 
> libsmb/smbencrypt.c libsmb/smbdes.c
> 
> 
> code Patch
> ---------------------------------------------------------
[snip]

> diff -Nur HEAD/source/rpc_server/srv_samr_nt.c 
> HEAD-fix/source/rpc_server/srv_samr_nt.c
> --- HEAD/source/rpc_server/srv_samr_nt.c        Mon May 27 13:11:02 2002
> +++ HEAD-fix/source/rpc_server/srv_samr_nt.c    Wed May 29 13:16:56 2002
> @@ -31,7 +31,6 @@
> 
[snip]


> @@ -1982,19 +1981,10 @@
>                            account));
>                  return NT_STATUS_ACCESS_DENIED;
>          }
> -
> -       /* Get the domain SID stored in the domain policy */
> -       if(!get_lsa_policy_samr_sid(p, &dom_pol, &sid)) {
> -               pdb_free_sam(&sam_pass);
> -               return NT_STATUS_INVALID_HANDLE;
> -       }
> -
> -       /* append the user's RID to it */
> -       if(!sid_append_rid(&sid, pdb_get_user_rid(sam_pass) )) {
> -               pdb_free_sam(&sam_pass);
> -               return NT_STATUS_NO_SUCH_USER;
> -       }
> 
> +       /* Get the user's SID */
> +       sid_copy(&sid,(DOM_SID *)pdb_get_user_sid(sam_pass));
> +
>          /* associate the user's SID with the new handle. */
>          if ((info = get_samr_info_by_sid(&sid)) == NULL) {
>                  pdb_free_sam(&sam_pass);
> @@ -2709,7 +2699,7 @@

the above piece is wrong!
wrong seem to be the original code. (an unjustified pdb_free_sam ?)
I'll check it.

Wrong is the patch!
Why have you got out get_lsa_policy_samr_sid() ?

The code here creates the SID form the info that come from the remote,
while instead you are creating a user SID from the RID only.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20020531/6504b6d2/attachment.bin

More information about the samba-technical mailing list