[PATCH] A few more dom_sid_str_buf calls
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Jan 7 14:40:38 UTC 2019
Hi!
Review appreciated!
Thanks, Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: 0551-370000-0, mailto:kontakt at sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG Göttingen: HR-B 2816 - http://www.sernet.de
-------------- next part --------------
From 026e08a362bd658f73fe3cc17afea1fabebf6536 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 20 Dec 2018 21:53:17 +0100
Subject: [PATCH 01/13] auth3: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/auth/token_util.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index bfc2c3029b2..f7ebd23e4aa 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -1212,15 +1212,18 @@ bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *grou
bool result = false;
enum lsa_SidType type;
TALLOC_CTX *mem_ctx = talloc_stackframe();
+ struct dom_sid_buf buf;
if (!lookup_sid(mem_ctx, sid,
NULL, NULL, &type)) {
- DEBUG(1, ("lookup_sid for %s failed\n", dom_sid_string(mem_ctx, sid)));
+ DEBUG(1, ("lookup_sid for %s failed\n",
+ dom_sid_str_buf(sid, &buf)));
goto done;
}
if (type != SID_NAME_USER) {
- DEBUG(5, ("%s is a %s, not a user\n", dom_sid_string(mem_ctx, sid),
+ DEBUG(5, ("%s is a %s, not a user\n",
+ dom_sid_str_buf(sid, &buf),
sid_type_lookup(type)));
goto done;
}
@@ -1230,7 +1233,8 @@ bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *grou
&token);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("could not create token for %s\n", dom_sid_string(mem_ctx, sid)));
+ DEBUG(10, ("could not create token for %s\n",
+ dom_sid_str_buf(sid, &buf)));
goto done;
}
--
2.11.0
From a8f48736130eba16e2f78806d7bee62adf3ee529 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 20 Dec 2018 21:57:21 +0100
Subject: [PATCH 02/13] winbindd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_cm.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 2e98c7634e8..22d3dcaa92b 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -2552,15 +2552,15 @@ no_dssetup:
!dom_sid_equal(&domain->sid,
lsa_info->dns.sid))
{
+ struct dom_sid_buf buf1, buf2;
DEBUG(1, ("set_dc_type_and_flags_connect: DC "
"for domain %s (%s) claimed it was "
"a DC for domain %s, refusing to "
"initialize\n",
- dom_sid_string(talloc_tos(),
- &domain->sid),
+ dom_sid_str_buf(&domain->sid, &buf1),
domain->name,
- dom_sid_string(talloc_tos(),
- lsa_info->dns.sid)));
+ dom_sid_str_buf(lsa_info->dns.sid,
+ &buf2)));
TALLOC_FREE(cli);
TALLOC_FREE(mem_ctx);
return;
@@ -2611,16 +2611,18 @@ no_dssetup:
!dom_sid_equal(&domain->sid,
lsa_info->account_domain.sid))
{
+ struct dom_sid_buf buf1, buf2;
DEBUG(1,
("set_dc_type_and_flags_connect: "
"DC for domain %s (%s) claimed "
"it was a DC for domain %s, "
"refusing to initialize\n",
- dom_sid_string(talloc_tos(),
- &domain->sid),
+ dom_sid_str_buf(
+ &domain->sid, &buf1),
domain->name,
- dom_sid_string(talloc_tos(),
- lsa_info->account_domain.sid)));
+ dom_sid_str_buf(
+ lsa_info->account_domain.sid,
+ &buf2)));
TALLOC_FREE(cli);
TALLOC_FREE(mem_ctx);
return;
--
2.11.0
From 977d126f2bbb0f53dc4e94c7aa7831ace6b415de Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Dec 2018 09:27:43 +0100
Subject: [PATCH 03/13] libcli: Simplify smblsa_lookup_name
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/libcli/util/clilsa.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
index 0599c76f694..b9f220f48ab 100644
--- a/source4/libcli/util/clilsa.c
+++ b/source4/libcli/util/clilsa.c
@@ -301,9 +301,8 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
struct lsa_RefDomainList *domains = NULL;
uint32_t count = 1;
NTSTATUS status;
- struct dom_sid *sid;
+ struct dom_sid sid;
TALLOC_CTX *mem_ctx2 = talloc_new(mem_ctx);
- uint32_t rid;
status = smblsa_connect(cli);
if (!NT_STATUS_IS_OK(status)) {
@@ -343,11 +342,9 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- sid = domains->domains[0].sid;
- rid = sids.sids[0].rid;
-
- (*sid_str) = talloc_asprintf(mem_ctx, "%s-%u",
- dom_sid_string(mem_ctx2, sid), rid);
+ sid_compose(&sid, domains->domains[0].sid, sids.sids[0].rid);
+
+ (*sid_str) = dom_sid_string(mem_ctx, &sid);
talloc_free(mem_ctx2);
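Review bot: The return value of `sid_compose()` is dropped on the added line, so a failed compose goes unnoticed and `*sid_str` is built from whatever ended up in `sid`. As far as I know, sid_compose returns false when the RID cannot be appended (a domain SID already at the maximum sub-authority count), and both inputs here come from the server's lookup reply; the removed `%s-%u` formatting had no such silent fallback. I would fail the call instead: `if (!sid_compose(&sid, domains->domains[0].sid, sids.sids[0].rid)) { talloc_free(mem_ctx2); return NT_STATUS_INVALID_NETWORK_RESPONSE; }`. The result of `dom_sid_string(mem_ctx, &sid)` is also not checked for NULL in the visible lines; the rest of smblsa_lookup_name is outside the hunk, so that may be handled below.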
--
2.11.0
From 2b3ee34eee6abc542fa89c217a896bbe1ae68043 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Dec 2018 09:30:58 +0100
Subject: [PATCH 04/13] smbclient: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/client/client.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/source3/client/client.c b/source3/client/client.c
index e8faed55dc4..3a31463cdbb 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -3359,9 +3359,10 @@ static int cmd_posix_whoami(void)
}
d_printf("NUM_SIDS:%" PRIu32 "\n", num_sids);
for (i = 0; i < num_sids; i++) {
- char *sid_str = dom_sid_string(ctx, &sids[i]);
- d_printf("SIDS[%" PRIu32 "]:%s\n", i, sid_str);
- TALLOC_FREE(sid_str);
+ struct dom_sid_buf buf;
+ d_printf("SIDS[%" PRIu32 "]:%s\n",
+ i,
+ dom_sid_str_buf(&sids[i], &buf));
}
return 0;
}
--
2.11.0
From 5a1ee7d74f93a713219bf438318b8d6150552fff Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Dec 2018 09:32:41 +0100
Subject: [PATCH 05/13] libndr: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/ndr/ndr_sec_helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index ecc05115d4b..5a2ed16e33e 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -147,7 +147,8 @@ size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags)
*/
void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
{
- ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid));
+ struct dom_sid_buf buf;
+ ndr->print(ndr, "%-25s: %s", name, dom_sid_str_buf(sid, &buf));
}
void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid)
--
2.11.0
From 429e07387c411f548267f5bccdd4fa1371887c7f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 21 Dec 2018 09:34:34 +0100
Subject: [PATCH 06/13] pydsdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/pydsdb.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/source4/dsdb/pydsdb.c b/source4/dsdb/pydsdb.c
index 7bbceb35a92..297943b1a54 100644
--- a/source4/dsdb/pydsdb.c
+++ b/source4/dsdb/pydsdb.c
@@ -191,8 +191,8 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
PyObject *py_ldb;
struct ldb_context *ldb;
const struct dom_sid *sid;
+ struct dom_sid_buf buf;
PyObject *ret;
- char *retstr;
if (!PyArg_ParseTuple(args, "O", &py_ldb))
return NULL;
@@ -205,13 +205,7 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
return NULL;
}
- retstr = dom_sid_string(NULL, sid);
- if (retstr == NULL) {
- PyErr_NoMemory();
- return NULL;
- }
- ret = PyStr_FromString(retstr);
- talloc_free(retstr);
+ ret = PyStr_FromString(dom_sid_str_buf(sid, &buf));
return ret;
}
--
2.11.0
From b6989e489405d6f8fe23b1a44e37e947e14e0b92 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 14 Dec 2018 20:30:10 +0100
Subject: [PATCH 07/13] winbind: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_autorid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 6e38a57805b..1d0f0fafb82 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -464,7 +464,7 @@ static NTSTATUS idmap_autorid_sid_to_id_alloc_action(
return ret;
}
- DEBUG(10, ("Sepecial sid %s not mapped. falling back to "
+ DEBUG(10, ("Special sid %s not mapped. falling back to "
"regular allocation\n",
dom_sid_str_buf(ctx->map->sid, &buf)));
}
--
2.11.0
From a53c1fba9a743e7bcae3344b3445fb30d4174ec9 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 16 Dec 2018 16:59:32 +0100
Subject: [PATCH 08/13] passdb: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/pdb_samba_dsdb.c | 97 +++++++++++++++++++++++++++--------------
1 file changed, 64 insertions(+), 33 deletions(-)
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c
index 951ab81c22c..0753d38b5f6 100644
--- a/source3/passdb/pdb_samba_dsdb.c
+++ b/source3/passdb/pdb_samba_dsdb.c
@@ -155,7 +155,8 @@ static struct ldb_message *pdb_samba_dsdb_get_samu_private(
struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
m->private_data, struct pdb_samba_dsdb_state);
struct ldb_message *msg;
- char *sidstr, *filter;
+ struct dom_sid_buf sidstr;
+ char *filter;
NTSTATUS status;
msg = (struct ldb_message *)
@@ -165,14 +166,10 @@ static struct ldb_message *pdb_samba_dsdb_get_samu_private(
return talloc_get_type_abort(msg, struct ldb_message);
}
- sidstr = dom_sid_string(talloc_tos(), pdb_get_user_sid(sam));
- if (sidstr == NULL) {
- return NULL;
- }
-
filter = talloc_asprintf(
- talloc_tos(), "(&(objectsid=%s)(objectclass=user))", sidstr);
- TALLOC_FREE(sidstr);
+ talloc_tos(),
+ "(&(objectsid=%s)(objectclass=user))",
+ dom_sid_str_buf(pdb_get_user_sid(sam), &sidstr));
if (filter == NULL) {
return NULL;
}
@@ -725,15 +722,11 @@ static NTSTATUS pdb_samba_dsdb_getsampwsid(struct pdb_methods *m,
NTSTATUS status;
struct pdb_samba_dsdb_state *state = talloc_get_type_abort(
m->private_data, struct pdb_samba_dsdb_state);
- char *sidstr;
-
- sidstr = dom_sid_string(talloc_tos(), sid);
- NT_STATUS_HAVE_NO_MEMORY(sidstr);
+ struct dom_sid_buf buf;
status = pdb_samba_dsdb_getsampwfilter(m, state, sam_acct,
"(&(objectsid=%s)(objectclass=user))",
- sidstr);
- talloc_free(sidstr);
+ dom_sid_str_buf(sid, &buf));
return status;
}
@@ -771,10 +764,15 @@ static NTSTATUS pdb_samba_dsdb_delete_user(struct pdb_methods *m,
m->private_data, struct pdb_samba_dsdb_state);
struct ldb_dn *dn;
int rc;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
- dn = ldb_dn_new_fmt(tmp_ctx, state->ldb, "<SID=%s>", dom_sid_string(tmp_ctx, pdb_get_user_sid(sam)));
+ dn = ldb_dn_new_fmt(
+ tmp_ctx,
+ state->ldb,
+ "<SID=%s>",
+ dom_sid_str_buf(pdb_get_user_sid(sam), &buf));
if (!dn || !ldb_dn_validate(dn)) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
@@ -1110,6 +1108,7 @@ static NTSTATUS pdb_samba_dsdb_delete_dom_group(struct pdb_methods *m,
struct ldb_message *msg;
struct ldb_dn *dn;
int rc;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
@@ -1120,7 +1119,11 @@ static NTSTATUS pdb_samba_dsdb_delete_dom_group(struct pdb_methods *m,
return NT_STATUS_INTERNAL_ERROR;
}
- dn = ldb_dn_new_fmt(tmp_ctx, state->ldb, "<SID=%s>", dom_sid_string(tmp_ctx, &sid));
+ dn = ldb_dn_new_fmt(
+ tmp_ctx,
+ state->ldb,
+ "<SID=%s>",
+ dom_sid_str_buf(&sid, &buf));
if (!dn || !ldb_dn_validate(dn)) {
talloc_free(tmp_ctx);
ldb_transaction_cancel(state->ldb);
@@ -1193,11 +1196,16 @@ static NTSTATUS pdb_samba_dsdb_enum_group_members(struct pdb_methods *m,
uint32_t *members;
struct ldb_dn *dn;
NTSTATUS status;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
- dn = ldb_dn_new_fmt(tmp_ctx, state->ldb, "<SID=%s>", dom_sid_string(tmp_ctx, group));
+ dn = ldb_dn_new_fmt(
+ tmp_ctx,
+ state->ldb,
+ "<SID=%s>",
+ dom_sid_str_buf(group, &buf));
if (!dn || !ldb_dn_validate(dn)) {
return NT_STATUS_NO_MEMORY;
}
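Review bot: The early return under `if (!dn || !ldb_dn_validate(dn))` leaves `tmp_ctx` allocated; it is created with `talloc_new(mem_ctx)`, so it stays around until the caller frees that context. The hunks for pdb_samba_dsdb_delete_user and pdb_samba_dsdb_delete_alias call `talloc_free(tmp_ctx);` before the same return, while the pdb_samba_dsdb_enum_aliasmem hunk (@@ -1713) has the same omission as this one. Since the statement above is being rewrapped anyway, add `talloc_free(tmp_ctx);` ahead of `return NT_STATUS_NO_MEMORY;` in both places. Both function bodies continue outside their hunks.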
@@ -1285,10 +1293,11 @@ static NTSTATUS fake_enum_group_memberships(struct pdb_samba_dsdb_state *state,
if (id_map.xid.type == ID_TYPE_GID || id_map.xid.type == ID_TYPE_BOTH) {
gids[0] = id_map.xid.id;
} else {
+ struct dom_sid_buf buf1, buf2;
DEBUG(1, (__location__
"Group %s, of which %s is a member, could not be converted to a GID\n",
- dom_sid_string(tmp_ctx, &group_sids[0]),
- dom_sid_string(tmp_ctx, &user->user_sid)));
+ dom_sid_str_buf(&group_sids[0], &buf1),
+ dom_sid_str_buf(&user->user_sid, &buf2)));
talloc_free(tmp_ctx);
/* We must error out, otherwise a user might
* avoid a DENY acl based on a group they
@@ -1392,9 +1401,11 @@ static NTSTATUS pdb_samba_dsdb_enum_group_memberships(struct pdb_methods *m,
if (id_map.xid.type == ID_TYPE_GID || id_map.xid.type == ID_TYPE_BOTH) {
gids[num_groups] = id_map.xid.id;
} else {
+ struct dom_sid_buf buf;
DEBUG(1, (__location__
"Group %s, of which %s is a member, could not be converted to a GID\n",
- dom_sid_string(tmp_ctx, &group_sids[num_groups]),
+ dom_sid_str_buf(&group_sids[num_groups],
+ &buf),
ldb_dn_get_linearized(msg->dn)));
talloc_free(tmp_ctx);
/* We must error out, otherwise a user might
@@ -1434,6 +1445,7 @@ static NTSTATUS pdb_samba_dsdb_mod_groupmem_by_sid(struct pdb_methods *m,
struct ldb_message *msg;
int ret;
struct ldb_message_element *el;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
msg = ldb_msg_new(tmp_ctx);
@@ -1442,12 +1454,20 @@ static NTSTATUS pdb_samba_dsdb_mod_groupmem_by_sid(struct pdb_methods *m,
return NT_STATUS_NO_MEMORY;
}
- msg->dn = ldb_dn_new_fmt(msg, state->ldb, "<SID=%s>", dom_sid_string(tmp_ctx, groupsid));
+ msg->dn = ldb_dn_new_fmt(
+ msg,
+ state->ldb,
+ "<SID=%s>",
+ dom_sid_str_buf(groupsid, &buf));
if (!msg->dn || !ldb_dn_validate(msg->dn)) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_msg_add_fmt(msg, "member", "<SID=%s>", dom_sid_string(tmp_ctx, membersid));
+ ret = ldb_msg_add_fmt(
+ msg,
+ "member",
+ "<SID=%s>",
+ dom_sid_str_buf(membersid, &buf));
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
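Review bot: `buf` is filled twice here, first for `groupsid` and then for `membersid`, and nothing documents why that is safe. It works as long as `ldb_dn_new_fmt()` has finished formatting its string before the second `dom_sid_str_buf()` call overwrites the buffer, which appears to be the case, but a later edit that keeps the first returned pointer would silently print the member SID twice. A one-line comment at the declaration in the preceding hunk would cover it, for example `/* scratch: each dom_sid_str_buf() result is consumed by the call it is passed to */`. fake_enum_group_memberships uses `buf1`/`buf2` because both strings are live in one DEBUG call. The function starts and ends outside the hunk.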
@@ -1551,10 +1571,15 @@ static NTSTATUS pdb_samba_dsdb_delete_alias(struct pdb_methods *m,
struct ldb_message *msg;
struct ldb_dn *dn;
int rc;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx = talloc_stackframe();
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
- dn = ldb_dn_new_fmt(tmp_ctx, state->ldb, "<SID=%s>", dom_sid_string(tmp_ctx, sid));
+ dn = ldb_dn_new_fmt(
+ tmp_ctx,
+ state->ldb,
+ "<SID=%s>",
+ dom_sid_str_buf(sid, &buf));
if (!dn || !ldb_dn_validate(dn)) {
talloc_free(tmp_ctx);
return NT_STATUS_NO_MEMORY;
@@ -1713,10 +1738,15 @@ static NTSTATUS pdb_samba_dsdb_enum_aliasmem(struct pdb_methods *m,
struct ldb_dn *dn;
unsigned int num_members;
NTSTATUS status;
+ struct dom_sid_buf buf;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
- dn = ldb_dn_new_fmt(tmp_ctx, state->ldb, "<SID=%s>", dom_sid_string(tmp_ctx, alias));
+ dn = ldb_dn_new_fmt(
+ tmp_ctx,
+ state->ldb,
+ "<SID=%s>",
+ dom_sid_str_buf(alias, &buf));
if (!dn || !ldb_dn_validate(dn)) {
return NT_STATUS_NO_MEMORY;
}
@@ -1747,7 +1777,6 @@ static NTSTATUS pdb_samba_dsdb_enum_alias_memberships(struct pdb_methods *m,
unsigned int num_groupSIDs = 0;
char *filter;
NTSTATUS status;
- const char *sid_string;
const char *sid_dn;
DATA_BLOB sid_blob;
@@ -1765,13 +1794,12 @@ static NTSTATUS pdb_samba_dsdb_enum_alias_memberships(struct pdb_methods *m,
}
for (i = 0; i < num_members; i++) {
- sid_string = dom_sid_string(tmp_ctx, &members[i]);
- if (sid_string == NULL) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
+ struct dom_sid_buf buf;
- sid_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", sid_string);
+ sid_dn = talloc_asprintf(
+ tmp_ctx,
+ "<SID=%s>",
+ dom_sid_str_buf(&members[i], &buf));
if (sid_dn == NULL) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
@@ -3136,13 +3164,15 @@ static NTSTATUS pdb_samba_dsdb_get_trusted_domain_by_sid(struct pdb_methods *m,
};
struct ldb_message *msg = NULL;
struct pdb_trusted_domain *d = NULL;
+ struct dom_sid_buf buf;
NTSTATUS status;
status = dsdb_trust_search_tdo_by_sid(state->ldb, sid,
attrs, tmp_ctx, &msg);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("dsdb_trust_search_tdo_by_sid(%s) - %s ",
- dom_sid_string(tmp_ctx, sid), nt_errstr(status));
+ dom_sid_str_buf(sid, &buf),
+ nt_errstr(status));
TALLOC_FREE(tmp_ctx);
return status;
}
@@ -3150,7 +3180,8 @@ static NTSTATUS pdb_samba_dsdb_get_trusted_domain_by_sid(struct pdb_methods *m,
status = pdb_samba_dsdb_msg_to_trusted_domain(msg, mem_ctx, &d);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("pdb_samba_dsdb_msg_to_trusted_domain(%s) - %s ",
- dom_sid_string(tmp_ctx, sid), nt_errstr(status));
+ dom_sid_str_buf(sid, &buf),
+ nt_errstr(status));
TALLOC_FREE(tmp_ctx);
return status;
}
--
2.11.0
From b7a75c1c78eeca768a9c3b2fbe3167e0c72aa0ef Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 16 Dec 2018 17:02:54 +0100
Subject: [PATCH 09/13] ntpd: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/ntp_signd/ntp_signd.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/source4/ntp_signd/ntp_signd.c b/source4/ntp_signd/ntp_signd.c
index 5999bf81540..5db4892ae09 100644
--- a/source4/ntp_signd/ntp_signd.c
+++ b/source4/ntp_signd/ntp_signd.c
@@ -112,6 +112,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
MD5_CTX ctx;
struct samr_Password *nt_hash;
uint32_t user_account_control;
+ struct dom_sid_buf buf;
int ret;
ndr_err = ndr_pull_struct_blob_all(input, mem_ctx,
@@ -171,7 +172,7 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
if (ret != LDB_SUCCESS) {
DEBUG(2, ("Failed to search for SID %s in SAM for NTP signing: "
"%s\n",
- dom_sid_string(mem_ctx, sid),
+ dom_sid_str_buf(sid, &buf),
ldb_errstring(ntp_signd_conn->ntp_signd->samdb)));
return signing_failure(ntp_signd_conn,
mem_ctx,
@@ -181,14 +182,15 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
if (res->count == 0) {
DEBUG(2, ("Failed to find SID %s in SAM for NTP signing\n",
- dom_sid_string(mem_ctx, sid)));
+ dom_sid_str_buf(sid, &buf)));
return signing_failure(ntp_signd_conn,
mem_ctx,
output,
sign_request.packet_id);
} else if (res->count != 1) {
DEBUG(1, ("Found SID %s %u times in SAM for NTP signing\n",
- dom_sid_string(mem_ctx, sid), res->count));
+ dom_sid_str_buf(sid, &buf),
+ res->count));
return signing_failure(ntp_signd_conn,
mem_ctx,
output,
@@ -202,21 +204,22 @@ static NTSTATUS ntp_signd_process(struct ntp_signd_connection *ntp_signd_conn,
if (user_account_control & UF_ACCOUNTDISABLE) {
DEBUG(1, ("Account %s for SID [%s] is disabled\n",
ldb_dn_get_linearized(res->msgs[0]->dn),
- dom_sid_string(mem_ctx, sid)));
+ dom_sid_str_buf(sid, &buf)));
return NT_STATUS_ACCESS_DENIED;
}
if (!(user_account_control & (UF_INTERDOMAIN_TRUST_ACCOUNT|UF_SERVER_TRUST_ACCOUNT|UF_WORKSTATION_TRUST_ACCOUNT))) {
DEBUG(1, ("Account %s for SID [%s] is not a trust account\n",
ldb_dn_get_linearized(res->msgs[0]->dn),
- dom_sid_string(mem_ctx, sid)));
+ dom_sid_str_buf(sid, &buf)));
return NT_STATUS_ACCESS_DENIED;
}
nt_hash = samdb_result_hash(mem_ctx, res->msgs[0], "unicodePwd");
if (!nt_hash) {
DEBUG(1, ("No unicodePwd found on record of SID %s "
- "for NTP signing\n", dom_sid_string(mem_ctx, sid)));
+ "for NTP signing\n",
+ dom_sid_str_buf(sid, &buf)));
return signing_failure(ntp_signd_conn,
mem_ctx,
output,
--
2.11.0
From 36d19a8e2de014e44fdf87911502e0c3927bfce7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 16 Dec 2018 17:11:55 +0100
Subject: [PATCH 10/13] auth4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/auth/sam.c | 16 +++++++---------
source4/auth/session.c | 15 +++++----------
source4/auth/unix_token.c | 18 +++++++++---------
3 files changed, 21 insertions(+), 28 deletions(-)
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 38c4a248027..709e901b45b 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -350,7 +350,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
char *filter = NULL;
/* SIDs for the account and his primary group */
struct dom_sid *account_sid;
- const char *primary_group_string;
+ struct dom_sid_buf buf;
const char *primary_group_dn;
DATA_BLOB primary_group_blob;
/* SID structures for the expanded group memberships */
@@ -404,13 +404,10 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
return status;
}
- primary_group_string = dom_sid_string(tmp_ctx, &sids[PRIMARY_GROUP_SID_INDEX]);
- if (primary_group_string == NULL) {
- TALLOC_FREE(user_info_dc);
- return NT_STATUS_NO_MEMORY;
- }
-
- primary_group_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", primary_group_string);
+ primary_group_dn = talloc_asprintf(
+ tmp_ctx,
+ "<SID=%s>",
+ dom_sid_str_buf(&sids[PRIMARY_GROUP_SID_INDEX], &buf));
if (primary_group_dn == NULL) {
TALLOC_FREE(user_info_dc);
return NT_STATUS_NO_MEMORY;
@@ -755,8 +752,9 @@ NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
"(&(objectSid=%s)(objectClass=domain))",
ldap_encode_ndr_dom_sid(tmp_ctx, domain_sid));
if (!domain_dn) {
+ struct dom_sid_buf buf;
DEBUG(3, ("authsam_get_user_info_dc_principal: Failed to find domain with: SID %s\n",
- dom_sid_string(tmp_ctx, domain_sid)));
+ dom_sid_str_buf(domain_sid, &buf)));
return NT_STATUS_NO_SUCH_USER;
}
diff --git a/source4/auth/session.c b/source4/auth/session.c
index e324ecfb3b6..3a8c40b7fb8 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -178,19 +178,14 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
/* Search for each group in the token */
for (i = 0; i < num_sids; i++) {
- char *sid_string;
+ struct dom_sid_buf buf;
const char *sid_dn;
DATA_BLOB sid_blob;
- sid_string = dom_sid_string(tmp_ctx,
- &sids[i]);
- if (sid_string == NULL) {
- TALLOC_FREE(user_info_dc);
- return NT_STATUS_NO_MEMORY;
- }
-
- sid_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", sid_string);
- talloc_free(sid_string);
+ sid_dn = talloc_asprintf(
+ tmp_ctx,
+ "<SID=%s>",
+ dom_sid_str_buf(&sids[i], &buf));
if (sid_dn == NULL) {
TALLOC_FREE(user_info_dc);
return NT_STATUS_NO_MEMORY;
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index fdfbb240682..f3a93b658e5 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -91,11 +91,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
} else if (ids[0].xid.type == ID_TYPE_UID) {
(*sec)->uid = ids[0].xid.id;
} else {
- char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
+ struct dom_sid_buf buf;
DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID. Conversion was returned as type %d, full token:\n",
- sid_str, (int)ids[0].xid.type));
+ dom_sid_str_buf(ids[0].sid, &buf),
+ (int)ids[0].xid.type));
security_token_debug(DBGC_AUTH, 0, token);
- talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@@ -105,11 +105,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
(*sec)->groups[g] = ids[1].xid.id;
g++;
} else {
- char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
+ struct dom_sid_buf buf;
DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID. Conversion was returned as type %d, full token:\n",
- sid_str, (int)ids[1].xid.type));
+ dom_sid_str_buf(ids[1].sid, &buf),
+ (int)ids[1].xid.type));
security_token_debug(DBGC_AUTH, 0, token);
- talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@@ -119,11 +119,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
(*sec)->groups[g] = ids[s].xid.id;
g++;
} else {
- char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
+ struct dom_sid_buf buf;
DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID. Conversion was returned as type %d, full token:\n",
- sid_str, (unsigned int)s, (int)ids[s].xid.type));
+ dom_sid_str_buf(ids[s].sid, &buf),
+ (unsigned int)s, (int)ids[s].xid.type));
security_token_debug(DBGC_AUTH, 0, token);
- talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
}
--
2.11.0
From 8a4e078bad436425d36271234ca567038b0eabab Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 16 Dec 2018 17:12:19 +0100
Subject: [PATCH 11/13] pysecurity: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/librpc/ndr/py_security.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 8288748b2be..eb5224dc243 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -114,18 +114,17 @@ static int py_dom_sid_cmp(PyObject *py_self, PyObject *py_other)
static PyObject *py_dom_sid_str(PyObject *py_self)
{
struct dom_sid *self = pytalloc_get_ptr(py_self);
- char *str = dom_sid_string(NULL, self);
- PyObject *ret = PyStr_FromString(str);
- talloc_free(str);
+ struct dom_sid_buf buf;
+ PyObject *ret = PyStr_FromString(dom_sid_str_buf(self, &buf));
return ret;
}
static PyObject *py_dom_sid_repr(PyObject *py_self)
{
struct dom_sid *self = pytalloc_get_ptr(py_self);
- char *str = dom_sid_string(NULL, self);
- PyObject *ret = PyStr_FromFormat("dom_sid('%s')", str);
- talloc_free(str);
+ struct dom_sid_buf buf;
+ PyObject *ret = PyStr_FromFormat(
+ "dom_sid('%s')", dom_sid_str_buf(self, &buf));
return ret;
}
--
2.11.0
From e464823eefff7d04877122a3d61c80bd9a84875b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 16 Dec 2018 17:17:58 +0100
Subject: [PATCH 12/13] winbind4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/winbind/idmap.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index 86fd354b606..c944132ee76 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -401,7 +401,8 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
struct ldb_result *res = NULL;
int trans = -1;
uint32_t low, high, hwm, new_xid;
- char *sid_string, *unixid_string, *hwm_string;
+ struct dom_sid_buf sid_string;
+ char *unixid_string, *hwm_string;
bool hwm_entry_exists;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
const char *sam_attrs[] = {"uidNumber", "gidNumber", "samAccountType", NULL};
@@ -445,6 +446,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
*/
if (lpcfg_parm_bool(idmap_ctx->lp_ctx, NULL, "idmap_ldb", "use rfc2307", false)) {
+ struct dom_sid_buf buf;
ret = dsdb_search_one(idmap_ctx->samdb, tmp_ctx, &sam_msg,
ldb_get_default_basedn(idmap_ctx->samdb),
LDB_SCOPE_SUBTREE, sam_attrs, 0,
@@ -452,7 +454,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
"(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)"
"(sAMaccountType=%u)(sAMaccountType=%u))"
"(|(uidNumber=*)(gidNumber=*)))",
- dom_sid_string(tmp_ctx, sid),
+ dom_sid_str_buf(sid, &buf),
ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);
} else {
@@ -461,8 +463,9 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
}
if (ret == LDB_ERR_CONSTRAINT_VIOLATION) {
+ struct dom_sid_buf buf;
DEBUG(1, ("Search for objectSid=%s gave duplicate results, failing to map to a unix ID!\n",
- dom_sid_string(tmp_ctx, sid)));
+ dom_sid_str_buf(sid, &buf)));
status = NT_STATUS_NONE_MAPPED;
goto failed;
} else if (ret == LDB_SUCCESS) {
@@ -491,8 +494,10 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
}
}
} else if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+ struct dom_sid_buf buf;
DEBUG(1, ("Search for objectSid=%s gave '%s', failing to map to a SID!\n",
- dom_sid_string(tmp_ctx, sid), ldb_errstring(idmap_ctx->samdb)));
+ dom_sid_str_buf(sid, &buf),
+ ldb_errstring(idmap_ctx->samdb)));
status = NT_STATUS_NONE_MAPPED;
goto failed;
@@ -620,11 +625,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
goto failed;
}
- sid_string = dom_sid_string(tmp_ctx, sid);
- if (sid_string == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto failed;
- }
+ dom_sid_str_buf(sid, &sid_string);
unixid_string = talloc_asprintf(tmp_ctx, "%u", new_xid);
if (unixid_string == NULL) {
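Review bot: `sid_string` keeps a name that reads as a `char *` but is now a `struct dom_sid_buf`, and the later hunks reach into it with `sid_string.buf` for `ldb_dn_new_fmt()` and `ldb_msg_add_string()`. The bare `dom_sid_str_buf(sid, &sid_string);` statement here also discards the pointer the helper returns, which is the value every other call site in this series uses. Keeping a pointer reads better and leaves the later call sites unchanged: declare `struct dom_sid_buf sid_buf;` next to `const char *sid_string;` and write `sid_string = dom_sid_str_buf(sid, &sid_buf);` on this line. The three block-scoped `struct dom_sid_buf buf;` declarations added elsewhere in idmap_sid_to_xid could then share that one buffer, since each of their strings is consumed by the call it is passed to.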
@@ -700,7 +701,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
goto failed;
}
- map_msg->dn = ldb_dn_new_fmt(tmp_ctx, ldb, "CN=%s", sid_string);
+ map_msg->dn = ldb_dn_new_fmt(tmp_ctx, ldb, "CN=%s", sid_string.buf);
if (map_msg->dn == NULL) {
status = NT_STATUS_NO_MEMORY;
goto failed;
@@ -731,7 +732,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
goto failed;
}
- ret = ldb_msg_add_string(map_msg, "cn", sid_string);
+ ret = ldb_msg_add_string(map_msg, "cn", sid_string.buf);
if (ret != LDB_SUCCESS) {
status = NT_STATUS_NONE_MAPPED;
goto failed;
@@ -840,10 +841,11 @@ NTSTATUS idmap_sids_to_xids(struct idmap_context *idmap_ctx,
&id[i]->xid);
}
if (!NT_STATUS_IS_OK(status)) {
- char *str = dom_sid_string(mem_ctx, id[i]->sid);
+ struct dom_sid_buf buf;
DEBUG(1, ("idmapping sid_to_xid failed for id[%d]=%s: %s\n",
- i, str, nt_errstr(status)));
- talloc_free(str);
+ i,
+ dom_sid_str_buf(id[i]->sid, &buf),
+ nt_errstr(status)));
error_count++;
id[i]->status = ID_UNMAPPED;
} else {
--
2.11.0
From bb2d63ebdf8b5c37049eb51051c2d166126d89f0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 16 Dec 2018 17:24:36 +0100
Subject: [PATCH 13/13] libnet4: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/libnet/libnet_join.c | 11 +++++++----
source4/libnet/libnet_samdump.c | 4 +++-
source4/libnet/libnet_samsync_ldb.c | 27 +++++++++++----------------
3 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 245485f69cd..825a81579cc 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -610,10 +610,13 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
status = od.out.result;
}
if (!NT_STATUS_IS_OK(status)) {
- r->out.error_string = talloc_asprintf(mem_ctx,
- "samr_OpenDomain for [%s] failed: %s",
- dom_sid_string(tmp_ctx, connect_with_info->out.domain_sid),
- nt_errstr(status));
+ struct dom_sid_buf buf;
+ r->out.error_string = talloc_asprintf(
+ mem_ctx,
+ "samr_OpenDomain for [%s] failed: %s",
+ dom_sid_str_buf(connect_with_info->out.domain_sid,
+ &buf),
+ nt_errstr(status));
talloc_free(tmp_ctx);
return status;
}
diff --git a/source4/libnet/libnet_samdump.c b/source4/libnet/libnet_samdump.c
index 326d8041b26..097a6efe54e 100644
--- a/source4/libnet/libnet_samdump.c
+++ b/source4/libnet/libnet_samdump.c
@@ -183,6 +183,7 @@ NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
for (s=samdump_state->secrets; s; s=s->next) {
size_t converted_size = 0;
char *secret_string;
+ struct dom_sid_buf buf;
if (strcasecmp_m(s->name, secret_name) != 0) {
continue;
}
@@ -196,7 +197,8 @@ NTSTATUS libnet_SamDump(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
printf("%s\t%s\t%s\n",
- t->name, dom_sid_string(mem_ctx, t->sid),
+ t->name,
+ dom_sid_str_buf(t->sid, &buf),
secret_string);
}
}
diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c
index 9ea7dce041c..3171138886c 100644
--- a/source4/libnet/libnet_samsync_ldb.c
+++ b/source4/libnet/libnet_samsync_ldb.c
@@ -71,7 +71,7 @@ static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx,
struct ldb_dn **fsp_dn,
char **error_string)
{
- const char *sidstr = dom_sid_string(mem_ctx, sid);
+ struct dom_sid_buf buf;
/* We assume that ForeignSecurityPrincipals are under the BASEDN of the main domain */
struct ldb_dn *basedn = samdb_search_dn(state->sam_ldb, mem_ctx,
state->base_dn[SAM_DATABASE_DOMAIN],
@@ -79,10 +79,6 @@ static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx,
struct ldb_message *msg;
int ret;
- if (!sidstr) {
- return NT_STATUS_NO_MEMORY;
- }
-
if (basedn == NULL) {
*error_string = talloc_asprintf(mem_ctx,
"Failed to find DN for "
@@ -98,7 +94,8 @@ static NTSTATUS samsync_ldb_add_foreignSecurityPrincipal(TALLOC_CTX *mem_ctx,
/* add core elements to the ldb_message for the alias */
msg->dn = basedn;
- if ( ! ldb_dn_add_child_fmt(msg->dn, "CN=%s", sidstr))
+ if ( ! ldb_dn_add_child_fmt(
+ msg->dn, "CN=%s", dom_sid_str_buf(sid, &buf)))
return NT_STATUS_UNSUCCESSFUL;
ldb_msg_add_string(msg, "objectClass", "foreignSecurityPrincipal");
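Review bot: The rewrapped `if ( ! ldb_dn_add_child_fmt(` condition now spans two lines and is still followed by an unbraced `return NT_STATUS_UNSUCCESSFUL;`, which is easy to misread as a continuation of the argument list. Brace the body and drop the padding inside the parentheses: `if (!ldb_dn_add_child_fmt(msg->dn, "CN=%s", dom_sid_str_buf(sid, &buf))) {` followed by the return and a closing `}`. The return value of `ldb_msg_add_string()` on the last context line is also ignored in the visible lines. The function continues outside the hunk.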
@@ -973,20 +970,15 @@ static NTSTATUS samsync_ldb_handle_account(TALLOC_CTX *mem_ctx,
struct ldb_message *msg;
int ret;
uint32_t i;
- char *dnstr, *sidstr;
+ char *dnstr;
+ struct dom_sid_buf buf;
msg = ldb_msg_new(mem_ctx);
if (msg == NULL) {
return NT_STATUS_NO_MEMORY;
}
- sidstr = dom_sid_string(msg, sid);
- if (sidstr == NULL) {
- TALLOC_FREE(msg);
- return NT_STATUS_NO_MEMORY;
- }
-
- dnstr = talloc_asprintf(msg, "sid=%s", sidstr);
+ dnstr = talloc_asprintf(msg, "sid=%s", dom_sid_str_buf(sid, &buf));
if (dnstr == NULL) {
TALLOC_FREE(msg);
return NT_STATUS_NO_MEMORY;
@@ -1050,8 +1042,11 @@ static NTSTATUS samsync_ldb_delete_account(TALLOC_CTX *mem_ctx,
} else if (ret == 0) {
return NT_STATUS_NO_SUCH_USER;
} else if (ret > 1) {
- *error_string = talloc_asprintf(mem_ctx, "More than one account with SID: %s",
- dom_sid_string(mem_ctx, sid));
+ struct dom_sid_buf buf;
+ *error_string = talloc_asprintf(
+ mem_ctx,
+ "More than one account with SID: %s",
+ dom_sid_str_buf(sid, &buf));
return NT_STATUS_INTERNAL_DB_CORRUPTION;
} else {
msg->dn = talloc_steal(msg, msgs[0]->dn);
--
2.11.0