SID Compression and member servers ...
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Jun 16 02:45:59 MDT 2014
On Sat, Jun 14, 2014 at 03:20:19PM -0700, Richard Sharpe wrote:
> On Sat, Jun 14, 2014 at 2:44 PM, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
> > For anyone following along at home the attached patch might work :-)
> >
> > It compiles, but I don't have a debug setup to test it with at the moment.
>
> A fix for the obvious error ...
>
> --
> Regards,
> Richard Sharpe
> (What can dispel sorrow? Only Du Kang. -- Cao Cao)
> diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
> index 05c4ddc..912a271 100644
> --- a/source3/auth/auth_generic.c
> +++ b/source3/auth/auth_generic.c
> @@ -34,6 +34,46 @@
> #include "lib/param/loadparm.h"
> #include "librpc/gen_ndr/dcerpc.h"
>
> +/*
> + * Merge the SIDs in the resource groups into the info3 ...
> + */
> +NTSTATUS merge_resource_sids(struct PAC_LOGON_INFO *logon_info,
> + struct netr_SamInfo3 *info3)
> +{
> + NTSTATUS status = NT_STATUS_OK;
> + int i = 0;
> + struct dom_sid new_sid;
> +
> + sid_copy(&new_sid, logon_info->res_group_dom_sid);
> + /*
> + * Construct a SID for each RID in the list and then append it
> + * to the info3 ...
> + */
> + for (i = 0; i < logon_info->res_groups.count ; i++) {
> + uint32_t attributes = logon_info->res_groups.rids[i].attributes;
> +
> + sid_append_rid(&new_sid, logon_info->res_groups.rids[i].rid);
> +
> + DEBUG(10, ("Adding SID %s to extra SIDS\n",
> + sid_string_dbg(&new_sid)));
> +
> + status = append_netr_SidAttr(info3, &info3->sids,
> + &info3->sidcount,
> + &new_sid,
> + attributes);
> + if (!NT_STATUS_IS_OK(status)) {
> + DEBUG(1, ("failed to append SID %s to extra SIDS: %s\n",
> + sid_string_dbg(&new_sid),
> + nt_errstr(status)));
> + return status;
> + }
> +
> + new_sid.num_auths--; /* Get rid of the RID we added */
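
Review bot: the return value of sid_append_rid() in the loop body is ignored, while new_sid.num_auths-- at the bottom of the loop runs unconditionally. If the append fails because the SID has no free sub-authority slot, the unmodified domain SID is handed to append_netr_SidAttr as if it were a group, and the decrement then strips the last component of the domain SID rather than the RID, so every later iteration adds a SID from the wrong domain to info3. Check the result of sid_append_rid() and return an error status before calling append_netr_SidAttr. Separately, logon_info->res_group_dom_sid is passed to sid_copy() at the top of the function with no NULL check; guard it before the copy so that a PAC without a resource group domain SID returns early instead of dereferencing the pointer.
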
Instead of doing this magic with sid internals I would
propose to put the "new_sid" into the for-loop and work with
the routine sid_compose. Sids are not that large, so the
performance penalty from copying res_group_dom_sid should be
minimal I guess.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
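
The loop shape proposed in the reply above, as an added example that is not code from the patch or from Samba: each SID is composed into a loop-local variable, so nothing has to be undone and a failed compose cannot corrupt the domain SID. `struct demo_sid`, `demo_sid_compose` and `expand_resource_groups` are hypothetical stand-ins; the struct is simplified and the compose helper is only modelled on `sid_compose`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define DEMO_MAXSUBAUTHS 15

/* Simplified stand-in for Samba's struct dom_sid (assumption, not the real layout). */
struct demo_sid {
	uint8_t num_auths;
	uint32_t sub_auths[DEMO_MAXSUBAUTHS];
};

/* Modelled on sid_compose: dst = domain + rid; false if there is no room. */
static bool demo_sid_compose(struct demo_sid *dst,
			     const struct demo_sid *domain, uint32_t rid)
{
	if (domain->num_auths >= DEMO_MAXSUBAUTHS) {
		return false;
	}
	*dst = *domain;
	dst->sub_auths[dst->num_auths++] = rid;
	return true;
}

/* Expand RIDs into full SIDs; returns the count written, or -1 on bad
 * input, a full domain SID, or an out[] that is too small. */
static int expand_resource_groups(const struct demo_sid *domain,
				  const uint32_t *rids, size_t count,
				  struct demo_sid *out, size_t out_cap)
{
	if (domain == NULL || rids == NULL || out == NULL || count > out_cap) {
		return -1;
	}
	for (size_t i = 0; i < count; i++) {
		struct demo_sid sid; /* fresh per iteration, nothing to undo */
		if (!demo_sid_compose(&sid, domain, rids[i])) {
			return -1;
		}
		out[i] = sid;
	}
	return (int)count;
}

int main(void)
{
	/* Constructed sample: domain S-1-5-21-1-2-3, RIDs 512 and 1104. */
	struct demo_sid dom = { 4, { 21, 1, 2, 3 } }, out[2];
	const uint32_t rids[] = { 512, 1104 };
	return expand_resource_groups(&dom, rids, 2, out, 2) == 2 ? 0 : 1;
}
```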