bug in wbcStringToSid
Marc-andré Labonté
marc-andre.labonte at mail.mcgill.ca
Thu Jul 17 20:11:03 GMT 2008
Thanks so much. I tried your modifications and they solved my login
failures with domain administrator mapped to root.
Marc-andré
Jeremy Allison wrote:
> On Wed, Jul 16, 2008 at 08:12:05PM -0700, Herb Lewis wrote:
>
>> In samba 3.2 the function wbcStringToSid has an error.
>> We are calling strtol on the string to get the various
>> parts of the sid (rev number, id_auth and sub_auths)
>> however we test for the return value to be non-zero to
>> indicate success. However this will not allow us to decode
>> a SID that has a zero in any field - for example the
>> Everyone sid of S-1-1-0 or UID 0 sid of S-1-22-1-0.
>>
>> I don't know if there are any SIDs with 0 in any position
>> but the subauths but we need to at least allow it there.
>>
>> The code has the following lines
>>
>> while (sid->num_auths < WBC_MAXSUBAUTHS) {
>> if ((x=(uint32_t)strtoul(p, &q, 10)) == 0)
>> break;
>> sid->sub_auths[sid->num_auths++] = x;
>>
>> if (q && ((*q!='-') || (*q=='\0')))
>> break;
>> p = q + 1;
>> }
>>
>>
>> I think this needs to be changed to something like the
>> following
>>
>> while (sid->num_auths < WBC_MAXSUBAUTHS) {
>> x=(uint32_t)strtoul(p, &q, 10);
>> if (p == q)
>> break;
>> sid->sub_auths[sid->num_auths++] = x;
>>
>> if (q && ((*q!='-') || (*q=='\0')))
>> break;
>> p = q + 1;
>> }
>>
>
> Herb, do you want to make the changes and check
> it into 3.2-test and 3.3 please ?
>
> I'd do it but I'm on a flight to the UK today.
>
> Thanks,
>
> Jeremy.
>
More information about the samba-technical
mailing list