[PATCH] A few more cleanups
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Nov 26 20:23:42 UTC 2018
Mostly dom_sid_str_buf, but one other one.
Review appreciated!
Thanks, Volker
--
Besuchen Sie die verinice.XP 2019 in Berlin!
Anwenderkonferenz für Informationssicherheit
26.-28. Februar 2019 - im Hotel Radisson Blu
Info & Anmeldung hier: http://veriniceXP.org
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From fbbe388f80cbb927dea23b51584393bc182c2083 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 12:34:50 +0100
Subject: [PATCH 01/11] libads: Give krb5_errs.c its own header
The protos were declared in lib/krb5_wrap but the functions are not
available there.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/krb5_samba.h | 3 ---
source3/libads/ads_status.c | 1 +
source3/libads/authdata.c | 1 +
source3/libads/kerberos.c | 1 +
source3/libads/krb5_errs.c | 2 ++
source3/libads/krb5_errs.h | 30 ++++++++++++++++++++++++++++++
source3/libnet/libnet_dssync.c | 1 +
source3/libnet/libnet_dssync_keytab.c | 1 +
source3/libsmb/cliconnect.c | 1 +
source3/passdb/machine_account_secrets.c | 1 +
source3/winbindd/winbindd_cred_cache.c | 1 +
source3/winbindd/winbindd_pam.c | 1 +
12 files changed, 41 insertions(+), 3 deletions(-)
create mode 100644 source3/libads/krb5_errs.h
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 8305c1f77af..fb3cb5f2ad8 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -188,9 +188,6 @@ krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *cli
krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr,
const char *netbios_name);
krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr);
-NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
-krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
-
krb5_enctype smb_krb5_kt_get_enctype_from_entry(krb5_keytab_entry *kt_entry);
krb5_error_code smb_krb5_enctype_to_string(krb5_context context,
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index 70569949aeb..fb3646386ca 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -25,6 +25,7 @@
#include "system/gssapi.h"
#include "smb_ldap.h"
#include "libads/ads_status.h"
+#include "krb5_errs.h"
/*
build a ADS_STATUS structure
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index d8a6487dc27..86a1be71bf9 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -32,6 +32,7 @@
#include "auth/gensec/gensec.h"
#include "auth/gensec/gensec_internal.h" /* TODO: remove this */
#include "../libcli/auth/spnego.h"
+#include "krb5_errs.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 58f38cdc55d..418e5a72243 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -31,6 +31,7 @@
#include "secrets.h"
#include "../lib/tsocket/tsocket.h"
#include "lib/util/asn1.h"
+#include "krb5_errs.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/krb5_errs.c b/source3/libads/krb5_errs.c
index 8eb5d8247b1..0c2ada59966 100644
--- a/source3/libads/krb5_errs.c
+++ b/source3/libads/krb5_errs.c
@@ -20,6 +20,8 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "krb5_errs.h"
+
#ifdef HAVE_KRB5
static const struct {
diff --git a/source3/libads/krb5_errs.h b/source3/libads/krb5_errs.h
new file mode 100644
index 00000000000..57b6391ff74
--- /dev/null
+++ b/source3/libads/krb5_errs.h
@@ -0,0 +1,30 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Kerberos error mapping functions
+ * Copyright (C) Guenther Deschner 2005
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __KRB5_ERRS_H__
+#define __KRB5_ERRS_H__
+
+#include "replace.h"
+#include "libcli/util/ntstatus.h"
+#include <krb5.h>
+
+NTSTATUS krb5_to_nt_status(krb5_error_code kerberos_error);
+krb5_error_code nt_status_to_krb5(NTSTATUS nt_status);
+
+#endif
diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c
index e593ae8536c..2b6995bd566 100644
--- a/source3/libnet/libnet_dssync.c
+++ b/source3/libnet/libnet_dssync.c
@@ -25,6 +25,7 @@
#include "rpc_client/cli_pipe.h"
#include "../libcli/drsuapi/drsuapi.h"
#include "../librpc/gen_ndr/ndr_drsuapi_c.h"
+#include "libads/krb5_errs.h"
/****************************************************************
****************************************************************/
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
index 8999a3535fb..7526cd3294e 100644
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -23,6 +23,7 @@
#include "libnet/libnet_dssync.h"
#include "libnet/libnet_keytab.h"
#include "librpc/gen_ndr/ndr_drsblobs.h"
+#include "libads/krb5_errs.h"
#if defined(HAVE_ADS)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 837299d9220..0a54d47227a 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -41,6 +41,7 @@
#include "../libcli/smb/smb_seal.h"
#include "lib/param/param.h"
#include "../libcli/smb/smb2_negotiate_context.h"
+#include "libads/krb5_errs.h"
#define STAR_SMBSERVER "*SMBSERVER"
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index d8ffcaa7fb6..b816b3aa7f8 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -37,6 +37,7 @@
#include "lib/krb5_wrap/krb5_samba.h"
#include "lib/util/time_basic.h"
#include "../libds/common/flags.h"
+#include "libads/krb5_errs.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_PASSDB
diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index c7332297982..85ad426446a 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -26,6 +26,7 @@
#include "../libcli/auth/libcli_auth.h"
#include "smb_krb5.h"
#include "libads/kerberos_proto.h"
+#include "libads/krb5_errs.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index a02926decb2..873c2f6d3e8 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -45,6 +45,7 @@
#include "lib/afs/afs_funcs.h"
#include "libsmb/samlogon_cache.h"
#include "rpc_client/util_netlogon.h"
+#include "libads/krb5_errs.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
--
2.11.0
From 3dd1c0eda5574e6591f6d8aa15112a44a2d1a198 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 08:49:44 +0100
Subject: [PATCH 02/11] libgpo: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libgpo/gpo_reg.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/libgpo/gpo_reg.c b/libgpo/gpo_reg.c
index 18d0498c7e9..cb4e5c87c88 100644
--- a/libgpo/gpo_reg.c
+++ b/libgpo/gpo_reg.c
@@ -26,6 +26,7 @@
#include "registry/reg_api_util.h"
#include "registry/reg_init_basic.h"
#include "../libcli/security/security.h"
+#include "libcli/security/dom_sid.h"
#include "../libcli/registry/util_reg.h"
@@ -306,12 +307,17 @@ static const char *gp_reg_groupmembership_path(TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
uint32_t flags)
{
+ struct dom_sid_buf sidbuf;
+
if (flags & GPO_LIST_FLAG_MACHINE) {
return "GroupMembership";
}
- return talloc_asprintf(mem_ctx, "%s\\%s", sid_string_tos(sid),
- "GroupMembership");
+ return talloc_asprintf(
+ mem_ctx,
+ "%s\\%s",
+ dom_sid_str_buf(sid, &sidbuf),
+ "GroupMembership");
}
/****************************************************************
@@ -435,11 +441,17 @@ static const char *gp_req_state_path(TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
uint32_t flags)
{
+ struct dom_sid_buf sidbuf;
+
if (flags & GPO_LIST_FLAG_MACHINE) {
return GPO_REG_STATE_MACHINE;
}
- return talloc_asprintf(mem_ctx, "%s\\%s", "State", sid_string_tos(sid));
+ return talloc_asprintf(
+ mem_ctx,
+ "%s\\%s",
+ "State",
+ dom_sid_str_buf(sid, &sidbuf));
}
/****************************************************************
--
2.11.0
From 31c214cbbaa6ed8b0ac0dba87940d744ea2c4a8c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 08:50:47 +0100
Subject: [PATCH 03/11] libgpo: Align integer types
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libgpo/gpo_reg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libgpo/gpo_reg.c b/libgpo/gpo_reg.c
index cb4e5c87c88..644b4d36d62 100644
--- a/libgpo/gpo_reg.c
+++ b/libgpo/gpo_reg.c
@@ -348,7 +348,7 @@ static WERROR gp_reg_store_groupmembership(TALLOC_CTX *mem_ctx,
{
struct registry_key *key = NULL;
WERROR werr;
- int i = 0;
+ uint32_t i = 0;
const char *valname = NULL;
const char *path = NULL;
const char *val = NULL;
--
2.11.0
From 3bc62cedd464e1295df5d68b476817354d5bda6c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 08:55:13 +0100
Subject: [PATCH 04/11] winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_getgroups.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_getgroups.c b/source3/winbindd/winbindd_getgroups.c
index 16c06395d70..39a8c3556cf 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "winbindd.h"
#include "passdb/lookup_sid.h" /* only for LOOKUP_NAME_NO_NSS flag */
+#include "libcli/security/dom_sid.h"
struct winbindd_getgroups_state {
struct tevent_context *ev;
@@ -204,6 +205,8 @@ static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq)
}
if (!include_gid) {
+ struct dom_sid_buf sidbuf;
+
if (debug_missing == NULL) {
continue;
}
@@ -214,7 +217,7 @@ static void winbindd_getgroups_sid2gid_done(struct tevent_req *subreq)
"This might be a security problem when ACLs "
"contain DENY ACEs!\n",
(unsigned)xids[i].id,
- sid_string_tos(&state->sids[i]),
+ dom_sid_str_buf(&state->sids[i], &sidbuf),
debug_missing));
continue;
}
--
2.11.0
From 6536c62ffc6408b71d011d9a61324e84da32bf3b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 08:53:45 +0100
Subject: [PATCH 05/11] winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_getusersids.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/source3/winbindd/winbindd_getusersids.c b/source3/winbindd/winbindd_getusersids.c
index 024bad2b9e5..9a6a24107b9 100644
--- a/source3/winbindd/winbindd_getusersids.c
+++ b/source3/winbindd/winbindd_getusersids.c
@@ -104,13 +104,11 @@ NTSTATUS winbindd_getusersids_recv(struct tevent_req *req,
}
for (i=0; i<state->num_sids; i++) {
- char *str = sid_string_tos(&state->sids[i]);
- if (str == NULL) {
- TALLOC_FREE(result);
- return NT_STATUS_NO_MEMORY;
- }
- result = talloc_asprintf_append_buffer(result, "%s\n", str);
- TALLOC_FREE(str);
+ struct dom_sid_buf sidbuf;
+ result = talloc_asprintf_append_buffer(
+ result,
+ "%s\n",
+ dom_sid_str_buf(&state->sids[i], &sidbuf));
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
--
2.11.0
From eb8c58592c89f8653195f6acbfa3991dbd9b5efa Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 08:58:59 +0100
Subject: [PATCH 06/11] winbind: Use dom_sid_str_buf
Also fix a DBG format string specifier
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/wb_lookupsids.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index af02a0c9547..5c73d3843ea 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -251,13 +251,16 @@ static bool wb_lookupsids_next(struct tevent_req *req,
static bool wb_lookupsids_bulk(const struct dom_sid *sid)
{
+ struct dom_sid_buf sidbuf;
+
if (sid->num_auths != 5) {
/*
* Only do "S-1-5-21-x-y-z-rid" domains via bulk
* lookup
*/
- DEBUG(10, ("No bulk setup for SID %s with %d subauths\n",
- sid_string_dbg(sid), sid->num_auths));
+ DBG_DEBUG("No bulk setup for SID %s with %"PRIi8" subauths\n",
+ dom_sid_str_buf(sid, &sidbuf),
+ sid->num_auths);
return false;
}
@@ -265,7 +268,8 @@ static bool wb_lookupsids_bulk(const struct dom_sid *sid)
/*
* Passdb lookup via lookuprids
*/
- DEBUG(10, ("%s is in our domain\n", sid_string_tos(sid)));
+ DBG_DEBUG("%s is in our domain\n",
+ dom_sid_str_buf(sid, &sidbuf));
return true;
}
--
2.11.0
From 2b884bfd88f771746cdd4e7e8fe963c50652e29f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 23 Nov 2018 09:03:13 +0100
Subject: [PATCH 07/11] winbind: Fix "wbint_Principals" definition
A signed integer does not make any sense for an IDL array length
Signed-off-by: Volker Lendecke <vl at samba.org>
---
librpc/idl/winbind.idl | 2 +-
source3/winbindd/wb_query_user_list.c | 2 +-
source3/winbindd/winbindd_lookuprids.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/librpc/idl/winbind.idl b/librpc/idl/winbind.idl
index f5e3507bff5..258dd284ad5 100644
--- a/librpc/idl/winbind.idl
+++ b/librpc/idl/winbind.idl
@@ -120,7 +120,7 @@ interface winbind
} wbint_Principal;
typedef [public] struct {
- int num_principals;
+ uint32 num_principals;
[size_is(num_principals)] wbint_Principal principals[];
} wbint_Principals;
diff --git a/source3/winbindd/wb_query_user_list.c b/source3/winbindd/wb_query_user_list.c
index 6d699875e9b..5e80aae8469 100644
--- a/source3/winbindd/wb_query_user_list.c
+++ b/source3/winbindd/wb_query_user_list.c
@@ -93,7 +93,7 @@ static void wb_query_user_list_done(struct tevent_req *subreq)
struct wb_query_user_list_state *state = tevent_req_data(
req, struct wb_query_user_list_state);
NTSTATUS status, result;
- int i;
+ uint32_t i;
status = dcerpc_wbint_LookupRids_recv(subreq, state, &result);
TALLOC_FREE(subreq);
diff --git a/source3/winbindd/winbindd_lookuprids.c b/source3/winbindd/winbindd_lookuprids.c
index 6d0c0efd429..ed5d951e7de 100644
--- a/source3/winbindd/winbindd_lookuprids.c
+++ b/source3/winbindd/winbindd_lookuprids.c
@@ -117,7 +117,7 @@ NTSTATUS winbindd_lookuprids_recv(struct tevent_req *req,
req, struct winbindd_lookuprids_state);
NTSTATUS status;
char *result;
- int i;
+ uint32_t i;
if (tevent_req_is_nterror(req, &status)) {
DEBUG(5, ("Lookuprids failed: %s\n",nt_errstr(status)));
--
2.11.0
From d71992fd1a988d90bd8d5b4588a949c56c00243a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 24 Nov 2018 13:14:23 +0100
Subject: [PATCH 08/11] idmap_cache: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/lib/idmap_cache.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/source3/lib/idmap_cache.c b/source3/lib/idmap_cache.c
index 1d87bbdec45..77618dd5aa1 100644
--- a/source3/lib/idmap_cache.c
+++ b/source3/lib/idmap_cache.c
@@ -414,6 +414,7 @@ bool idmap_cache_del_sid(const struct dom_sid *sid)
bool ret = true;
bool expired;
struct unixid id;
+ struct dom_sid_buf sidbuf;
const char *sid_key;
if (!idmap_cache_find_sid2unixid(sid, &id, &expired)) {
@@ -438,7 +439,7 @@ bool idmap_cache_del_sid(const struct dom_sid *sid)
}
}
- sid_key = key_sid2xid_str(mem_ctx, dom_sid_string(mem_ctx, sid));
+ sid_key = key_sid2xid_str(mem_ctx, dom_sid_str_buf(sid, &sidbuf));
if (sid_key == NULL) {
return false;
}
--
2.11.0
From d13bf0e2b710f3072c4bb0c7da28219d13a1e312 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 24 Nov 2018 13:16:56 +0100
Subject: [PATCH 09/11] libcli: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/security/secdesc.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 8cf44347c7c..53e0e023a7b 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -492,6 +492,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
const struct dom_sid *ptrustee = &ace->trustee;
const struct dom_sid *creator = NULL;
uint8_t new_flags = ace->flags;
+ struct dom_sid_buf sidbuf1, sidbuf2;
if (!is_inheritable_ace(ace, container)) {
continue;
@@ -540,9 +541,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
" inherited as %s:%d/0x%02x/0x%08x\n",
- dom_sid_string(frame, &ace->trustee),
+ dom_sid_str_buf(&ace->trustee, &sidbuf1),
ace->type, ace->flags, ace->access_mask,
- dom_sid_string(frame, &new_ace->trustee),
+ dom_sid_str_buf(&new_ace->trustee, &sidbuf2),
new_ace->type, new_ace->flags,
new_ace->access_mask));
@@ -565,9 +566,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n",
- dom_sid_string(frame, &ace->trustee),
+ dom_sid_str_buf(&ace->trustee, &sidbuf1),
ace->type, ace->flags, ace->access_mask,
- dom_sid_string(frame, &new_ace->trustee),
+ dom_sid_str_buf(&new_ace->trustee, &sidbuf2),
new_ace->type, new_ace->flags,
new_ace->access_mask));
--
2.11.0
From 701bb38006dd7226af0551f9bac9a765da5e8eac Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 24 Nov 2018 13:16:56 +0100
Subject: [PATCH 10/11] libcli: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/security/security_token.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libcli/security/security_token.c b/libcli/security/security_token.c
index 2e5a87be504..de75033deae 100644
--- a/libcli/security/security_token.c
+++ b/libcli/security/security_token.c
@@ -62,8 +62,11 @@ void security_token_debug(int dbg_class, int dbg_lev, const struct security_toke
DEBUGC(dbg_class, dbg_lev, ("Security token SIDs (%lu):\n",
(unsigned long)token->num_sids));
for (i = 0; i < token->num_sids; i++) {
- DEBUGADDC(dbg_class, dbg_lev, (" SID[%3lu]: %s\n", (unsigned long)i,
- dom_sid_string(mem_ctx, &token->sids[i])));
+ struct dom_sid_buf sidbuf;
+ DEBUGADDC(dbg_class,
+ dbg_lev,
+ (" SID[%3lu]: %s\n", (unsigned long)i,
+ dom_sid_str_buf(&token->sids[i], &sidbuf)));
}
security_token_debug_privileges(dbg_class, dbg_lev, token);
--
2.11.0
From 713af3eeebc717c86e2b29985c1fd2bc791692db Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 24 Nov 2018 13:25:25 +0100
Subject: [PATCH 11/11] winbind: Use dom_sid_str_buf
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_pam.c | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 873c2f6d3e8..b7eb17556a4 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -140,17 +140,13 @@ static NTSTATUS append_info3_as_txt(TALLOC_CTX *mem_ctx,
}
for (i=0; i < info3->sidcount; i++) {
- char *sid;
+ struct dom_sid_buf sidbuf;
- sid = dom_sid_string(frame, info3->sids[i].sid);
- if (sid == NULL) {
- status = NT_STATUS_NO_MEMORY;
- goto out;
- }
-
- ex = talloc_asprintf_append_buffer(ex, "%s:0x%08X\n",
- sid,
- info3->sids[i].attributes);
+ ex = talloc_asprintf_append_buffer(
+ ex,
+ "%s:0x%08X\n",
+ dom_sid_str_buf(info3->sids[i].sid, &sidbuf),
+ info3->sids[i].attributes);
if (ex == NULL) {
status = NT_STATUS_NO_MEMORY;
goto out;
--
2.11.0
More information about the samba-technical
mailing list