[PATCH] Convert sid marshalling from char * to uint8_t *
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Aug 26 11:08:05 UTC 2015
Hi!
For my taste this matches the binary blob nature better.
Review&push appreciated!
Thanks,
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From a618805be5de7af89df4875968c47178343c8407 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 24 Aug 2015 12:33:28 +0200
Subject: [PATCH 1/4] lib: Make sid_parse take a uint8_t
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/security/dom_sid.h | 2 +-
libcli/security/util_sid.c | 2 +-
source3/lib/smbldap.c | 2 +-
source3/lib/tldap_util.c | 2 +-
source3/libads/ldap.c | 8 +++++---
source3/libsmb/cliquota.c | 2 +-
source3/modules/vfs_default.c | 2 +-
source3/smbd/nttrans.c | 5 +++--
source3/torture/torture.c | 6 +++---
9 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index cf3cedea..86bbbdf 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -94,7 +94,7 @@ bool sid_peek_rid(const struct dom_sid *sid, uint32_t *rid);
bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32_t *rid);
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid);
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid);
+bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid);
int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num);
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 7d72d64..7f62856 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -272,7 +272,7 @@ bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid)
Parse a on-the-wire SID to a struct dom_sid.
*****************************************************************/
-bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
+bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid)
{
DATA_BLOB in = data_blob_const(inbuf, len);
return sid_blob_parse(in, sid);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index f2d58a5..75116d2 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -237,7 +237,7 @@
&blob)) {
return false;
}
- ret = sid_parse((char *)blob.data, blob.length, sid);
+ ret = sid_parse(blob.data, blob.length, sid);
TALLOC_FREE(blob.data);
return ret;
}
diff --git a/source3/lib/tldap_util.c b/source3/lib/tldap_util.c
index 45bf19f..de1d4ba 100644
--- a/source3/lib/tldap_util.c
+++ b/source3/lib/tldap_util.c
@@ -93,7 +93,7 @@ bool tldap_pull_binsid(struct tldap_message *msg, const char *attribute,
if (!tldap_get_single_valueblob(msg, attribute, &val)) {
return false;
}
- return sid_parse((char *)val.data, val.length, sid);
+ return sid_parse(val.data, val.length, sid);
}
bool tldap_pull_guid(struct tldap_message *msg, const char *attribute,
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 8763164..e8ccfa9 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2361,7 +2361,8 @@ static void dump_sid(ADS_STRUCT *ads, const char *field, struct berval **values)
for (i=0; values[i]; i++) {
struct dom_sid sid;
fstring tmp;
- if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) {
+ if (!sid_parse((const uint8_t *)values[i]->bv_val,
+ values[i]->bv_len, &sid)) {
return;
}
printf("%s: %s\n", field, sid_to_fstring(tmp, &sid));
@@ -2891,7 +2892,8 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
count = 0;
for (i=0; values[i]; i++) {
- ret = sid_parse(values[i]->bv_val, values[i]->bv_len, &(*sids)[count]);
+ ret = sid_parse((const uint8_t *)values[i]->bv_val,
+ values[i]->bv_len, &(*sids)[count]);
if (ret) {
DEBUG(10, ("pulling SID: %s\n",
sid_string_dbg(&(*sids)[count])));
@@ -3456,7 +3458,7 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
- if (!sid_parse(buf, buf_len, sid)) {
+ if (!sid_parse((const uint8_t *)buf, buf_len, sid)) {
DEBUG(10,("failed to parse sid\n"));
return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
}
diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c
index 21dc72e..bbf16ba 100644
--- a/source3/libsmb/cliquota.c
+++ b/source3/libsmb/cliquota.c
@@ -89,7 +89,7 @@ static bool parse_user_quota_record(const uint8_t *rdata,
/* the hard quotas 8 bytes (uint64_t)*/
qt.hardlim = BVAL(rdata,32);
- if (!sid_parse((const char *)rdata+40,sid_len,&qt.sid)) {
+ if (!sid_parse(rdata+40,sid_len,&qt.sid)) {
return false;
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index ac1052e..460837c 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -1281,7 +1281,7 @@ static NTSTATUS vfswrap_fsctl(struct vfs_handle_struct *handle,
/* unknown 4 bytes: this is not the length of the sid :-( */
/*unknown = IVAL(pdata,0);*/
- if (!sid_parse(in_data + 4, sid_len, &sid)) {
+ if (!sid_parse(_in_data + 4, sid_len, &sid)) {
return NT_STATUS_INVALID_PARAMETER;
}
DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 04dddee..cd7454a 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2433,7 +2433,8 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
break;
}
- if (!sid_parse(pdata+8,sid_len,&sid)) {
+ if (!sid_parse((const uint8_t *)(pdata+8), sid_len,
+ &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
@@ -2586,7 +2587,7 @@ static void call_nt_transact_set_user_quota(connection_struct *conn,
/* the hard quotas 8 bytes (uint64_t)*/
qt.hardlim = BVAL(pdata,32);
- if (!sid_parse(pdata+40,sid_len,&sid)) {
+ if (!sid_parse((const uint8_t *)(pdata+40), sid_len, &sid)) {
reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
return;
}
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index e0be44e..914caf8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -8563,7 +8563,7 @@ static bool run_local_sid_to_string(int dummy) {
static bool run_local_binary_to_sid(int dummy) {
struct dom_sid *sid = talloc(NULL, struct dom_sid);
- static const char good_binary_sid[] = {
+ static const uint8_t good_binary_sid[] = {
0x1, /* revision number */
15, /* num auths */
0x1, 0x1, 0x1, 0x1, 0x1, 0x1, /* id_auth */
@@ -8584,7 +8584,7 @@ static bool run_local_binary_to_sid(int dummy) {
0x1, 0x1, 0x1, 0x1, /* auth[14] */
};
- static const char long_binary_sid[] = {
+ static const uint8_t long_binary_sid[] = {
0x1, /* revision number */
15, /* num auths */
0x1, 0x1, 0x1, 0x1, 0x1, 0x1, /* id_auth */
@@ -8608,7 +8608,7 @@ static bool run_local_binary_to_sid(int dummy) {
0x1, 0x1, 0x1, 0x1, /* auth[17] */
};
- static const char long_binary_sid2[] = {
+ static const uint8_t long_binary_sid2[] = {
0x1, /* revision number */
32, /* num auths */
0x1, 0x1, 0x1, 0x1, 0x1, 0x1, /* id_auth */
--
2.4.6
From 793aa9bd527de30db62178fbc3cd42935b99088b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 24 Aug 2015 16:46:12 +0200
Subject: [PATCH 2/4] lib: Convert callers of sid_blob_parse to sid_parse
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/common/util.c | 2 +-
source4/torture/unix/whoami.c | 16 +++++++++++++---
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 6447d06..c1b5d5a 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -360,7 +360,7 @@ struct dom_sid *samdb_result_dom_sid(TALLOC_CTX *mem_ctx, const struct ldb_messa
if (sid == NULL) {
return NULL;
}
- ok = sid_blob_parse(*v, sid);
+ ok = sid_parse(v->data, v->length, sid);
if (!ok) {
talloc_free(sid);
return NULL;
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 00109eb..53921d4 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -300,7 +300,10 @@ static bool test_against_ldap(struct torture_context *torture, struct ldb_contex
struct dom_sid *sid = talloc(torture, struct dom_sid);
torture_assert(torture, sid != NULL, "talloc failed");
- torture_assert(torture, sid_blob_parse(el->values[i], sid), "sid parse failed");
+ torture_assert(torture,
+ sid_parse(el->values[i].data,
+ el->values[i].length, sid),
+ "sid parse failed");
torture_assert_str_equal(torture, dom_sid_string(sid, sid), dom_sid_string(sid, whoami->sid_list[i]), "SID from LDAP and SID from CIFS does not match!");
talloc_free(sid);
}
@@ -311,13 +314,20 @@ static bool test_against_ldap(struct torture_context *torture, struct ldb_contex
struct dom_sid *dc_sids = talloc_array(torture, struct dom_sid, el->num_values);
struct dom_sid *member_sids = talloc_array(torture, struct dom_sid, whoami->num_sids);
torture_assert(torture, user_sid != NULL, "talloc failed");
- torture_assert(torture, sid_blob_parse(el->values[0], user_sid), "sid parse failed");
+ torture_assert(torture, sid_parse(el->values[0].data,
+ el->values[0].length,
+ user_sid),
+ "sid parse failed");
torture_assert_ntstatus_equal(torture, dom_sid_split_rid(torture, user_sid, &dom_sid, NULL), NT_STATUS_OK, "failed to split domain SID from user SID");
for (i = 0; i < el->num_values; i++) {
struct dom_sid *sid = talloc(dc_sids, struct dom_sid);
torture_assert(torture, sid != NULL, "talloc failed");
- torture_assert(torture, sid_blob_parse(el->values[i], sid), "sid parse failed");
+ torture_assert(torture,
+ sid_parse(el->values[i].data,
+ el->values[i].length,
+ sid),
+ "sid parse failed");
if (dom_sid_in_domain(dom_sid, sid)) {
dc_sids[num_domain_sids_dc] = *sid;
num_domain_sids_dc++;
--
2.4.6
From 8612893fcc552086917fc01fb83a0c3f1b36a70a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 24 Aug 2015 16:50:44 +0200
Subject: [PATCH 3/4] lib: Remove unused sid_blob_parse
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/security/dom_sid.h | 1 -
libcli/security/util_sid.c | 20 ++++++--------------
2 files changed, 6 insertions(+), 15 deletions(-)
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 86bbbdf..990a4c4 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -93,7 +93,6 @@ bool sid_split_rid(struct dom_sid *sid, uint32_t *rid);
bool sid_peek_rid(const struct dom_sid *sid, uint32_t *rid);
bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32_t *rid);
void sid_copy(struct dom_sid *dst, const struct dom_sid *src);
-bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid);
bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid);
int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2);
NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 7f62856..3399801 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -254,14 +254,16 @@ void sid_copy(struct dom_sid *dst, const struct dom_sid *src)
}
/*****************************************************************
- Parse a on-the-wire SID (in a DATA_BLOB) to a struct dom_sid.
+ Parse a on-the-wire SID to a struct dom_sid.
*****************************************************************/
-bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid)
+bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid)
{
+ DATA_BLOB in = data_blob_const(inbuf, len);
enum ndr_err_code ndr_err;
- ndr_err = ndr_pull_struct_blob_all(&in, NULL, sid,
- (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+
+ ndr_err = ndr_pull_struct_blob_all(
+ &in, NULL, sid, (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
return false;
}
@@ -269,16 +271,6 @@ bool sid_blob_parse(DATA_BLOB in, struct dom_sid *sid)
}
/*****************************************************************
- Parse a on-the-wire SID to a struct dom_sid.
-*****************************************************************/
-
-bool sid_parse(const uint8_t *inbuf, size_t len, struct dom_sid *sid)
-{
- DATA_BLOB in = data_blob_const(inbuf, len);
- return sid_blob_parse(in, sid);
-}
-
-/*****************************************************************
See if 2 SIDs are in the same domain
this just compares the leading sub-auths
*****************************************************************/
--
2.4.6
From 2ca825ef2ba4ff8106c690c33807b3ceff9058f7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 26 Aug 2015 10:52:44 +0200
Subject: [PATCH 4/4] lib: Make sid_linearize take a uint8_t
We marshall into a binary buffer, uint8_t better reflects that.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/include/proto.h | 2 +-
source3/lib/util_sid.c | 6 +++---
source3/libsmb/cliquota.c | 4 ++--
source3/passdb/pdb_ipa.c | 2 +-
source3/smbd/nttrans.c | 5 +++--
source3/smbd/trans2.c | 3 ++-
6 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b8f4a67..0af8cdd 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -525,7 +525,7 @@ char *sid_to_fstring(fstring sidstr_out, const struct dom_sid *sid);
char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
char *sid_string_dbg(const struct dom_sid *sid);
char *sid_string_tos(const struct dom_sid *sid);
-bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid);
+bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid);
bool non_mappable_sid(struct dom_sid *sid);
char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
struct netr_SamInfo3;
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index e336510..4b6fb81 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -72,7 +72,7 @@ char *sid_string_tos(const struct dom_sid *sid)
Write a sid out into on-the-wire format.
*****************************************************************/
-bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid)
+bool sid_linearize(uint8_t *outbuf, size_t len, const struct dom_sid *sid)
{
size_t i;
@@ -116,9 +116,9 @@ bool non_mappable_sid(struct dom_sid *sid)
char *sid_binstring_hex_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
{
int len = ndr_size_dom_sid(sid, 0);
- char buf[len];
+ uint8_t buf[len];
sid_linearize(buf, len, sid);
- return hex_encode_talloc(mem_ctx, (const unsigned char *)buf, len);
+ return hex_encode_talloc(mem_ctx, buf, len);
}
NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c
index bbf16ba..875c419 100644
--- a/source3/libsmb/cliquota.c
+++ b/source3/libsmb/cliquota.c
@@ -129,7 +129,7 @@ NTSTATUS cli_get_user_quota(struct cli_state *cli, int quota_fnum,
data_len = sid_len+8;
SIVAL(data, 0, 0x00000000);
SIVAL(data, 4, sid_len);
- sid_linearize((char *)data+8, sid_len, &pqt->sid);
+ sid_linearize(data+8, sid_len, &pqt->sid);
status = cli_trans(talloc_tos(), cli, SMBnttrans,
NULL, -1, /* name, fid */
@@ -183,7 +183,7 @@ NTSTATUS cli_set_user_quota(struct cli_state *cli, int quota_fnum,
SBIG_UINT(data,16,pqt->usedspace);
SBIG_UINT(data,24,pqt->softlim);
SBIG_UINT(data,32,pqt->hardlim);
- sid_linearize((char *)data+40, sid_len, &pqt->sid);
+ sid_linearize(data+40, sid_len, &pqt->sid);
status = cli_trans(talloc_tos(), cli, SMBnttrans,
NULL, -1, /* name, fid */
diff --git a/source3/passdb/pdb_ipa.c b/source3/passdb/pdb_ipa.c
index e1e5527..4d9d09c 100644
--- a/source3/passdb/pdb_ipa.c
+++ b/source3/passdb/pdb_ipa.c
@@ -768,7 +768,7 @@ static struct pdb_domain_info *pdb_ipasam_get_domain_info(struct pdb_methods *pd
struct pdb_domain_info *info;
struct ldapsam_privates *ldap_state =
(struct ldapsam_privates *)pdb_methods->private_data;
- char sid_buf[24];
+ uint8_t sid_buf[24];
DATA_BLOB sid_blob;
NTSTATUS status;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index cd7454a..19c7153 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2384,7 +2384,8 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
SBIG_UINT(entry,32,tmp_list->quotas->hardlim);
/* and now the SID */
- sid_linearize(entry+40, sid_len, &tmp_list->quotas->sid);
+ sid_linearize((uint8_t *)(entry+40), sid_len,
+ &tmp_list->quotas->sid);
}
qt_handle->tmp_list = tmp_list;
@@ -2486,7 +2487,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
SBIG_UINT(entry,32,qt.hardlim);
/* and now the SID */
- sid_linearize(entry+40, sid_len, &sid);
+ sid_linearize((uint8_t *)(entry+40), sid_len, &sid);
break;
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 8816402..58d18fb 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3796,7 +3796,8 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
&conn->session_info->security_token->sids[i],
0);
- sid_linearize(pdata + data_len, sid_len,
+ sid_linearize((uint8_t *)(pdata + data_len),
+ sid_len,
&conn->session_info->security_token->sids[i]);
data_len += sid_len;
}
--
2.4.6
More information about the samba-technical
mailing list