sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-12-12 12:23:50 +03:00
Code Activity

r816: - Make use of tridge's new samdb_result_sid_prefix() helper function.

Browse Source 
- Remove legacy sid_to_string (which contained a memleak)

 - Remove some unused parts of lib/util_sid.c

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
2004-05-22 07:55:48 +00:00
committed by Gerald (Jerry) Carter
parent b4b67c3301
commit 7c69a85984
5 changed files with 29 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
source/auth/auth_sam.c
View File

@@ -183,14 +183,13 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
uint_t ret_domain; uint_t ret_domain;
const char *domain_dn; const char *domain_dn;
const char *domain_sid;
NTSTATUS nt_status; NTSTATUS nt_status;
DATA_BLOB user_sess_key = data_blob(NULL, 0); DATA_BLOB user_sess_key = data_blob(NULL, 0);
DATA_BLOB lm_sess_key = data_blob(NULL, 0); DATA_BLOB lm_sess_key = data_blob(NULL, 0);
uint8 *lm_pwd, *nt_pwd; uint8 *lm_pwd, *nt_pwd;
struct dom_sid *domain_sid;
const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash", const char *attrs[] = {"unicodePwd", "lmPwdHash", "ntPwdHash",
"userAccountControl", "userAccountControl",
"pwdLastSet", "pwdLastSet",
@@ -228,28 +227,27 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }
domain_sid = dom_sid_parse_talloc(mem_ctx, samdb_result_string(msgs[0], "objectSid", NULL)); domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
if (!domain_sid) { if (!domain_sid) {
samdb_close(sam_ctx); samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }
sid_split_rid(domain_sid, NULL);
/* find the domain's DN */ /* find the domain's DN */
ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs, ret_domain = samdb_search(sam_ctx, mem_ctx, NULL, &msgs_domain, domain_attrs,
"(&(objectSid=%s)(objectclass=domain))", "(&(objectSid=%s)(objectclass=domain))",
dom_sid_string(mem_ctx, domain_sid)); domain_sid);
if (ret_domain == 0) { if (ret_domain == 0) {
DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
dom_sid_string(mem_ctx, domain_sid))); domain_sid));
samdb_close(sam_ctx); samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER; return NT_STATUS_NO_SUCH_USER;
} }
if (ret_domain > 1) { if (ret_domain > 1) {
DEBUG(1,("Found %d records matching domain [%s]\n", ret_domain, dom_sid_string(mem_ctx, domain_sid))); DEBUG(1,("Found %d records matching domain [%s]\n",
ret_domain, domain_sid));
samdb_close(sam_ctx); samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }

14
source/auth/auth_util.c
View File

@@ -390,7 +390,8 @@ BOOL make_user_info_guest(auth_usersupplied_info **user_info)
void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token) void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
{ {
fstring sid_str; TALLOC_CTX *mem_ctx;
size_t i; size_t i;
if (!token) { if (!token) {
@@ -398,12 +399,19 @@ void debug_nt_user_token(int dbg_class, int dbg_lev, NT_USER_TOKEN *token)
return; return;
} }
mem_ctx = talloc_init("debug_nt_user_token()");
if (!mem_ctx) {
return;
}
DEBUGC(dbg_class, dbg_lev, ("NT user token of user %s\n", DEBUGC(dbg_class, dbg_lev, ("NT user token of user %s\n",
sid_to_string(sid_str, token->user_sids[0]) )); dom_sid_string(mem_ctx, token->user_sids[0]) ));
DEBUGADDC(dbg_class, dbg_lev, ("contains %lu SIDs\n", (unsigned long)token->num_sids)); DEBUGADDC(dbg_class, dbg_lev, ("contains %lu SIDs\n", (unsigned long)token->num_sids));
for (i = 0; i < token->num_sids; i++) for (i = 0; i < token->num_sids; i++)
DEBUGADDC(dbg_class, dbg_lev, ("SID[%3lu]: %s\n", (unsigned long)i, DEBUGADDC(dbg_class, dbg_lev, ("SID[%3lu]: %s\n", (unsigned long)i,
sid_to_string(sid_str, token->user_sids[i]))); dom_sid_string(mem_ctx, token->user_sids[i])));
talloc_destroy(mem_ctx);
} }
/**************************************************************************** /****************************************************************************

70
source/lib/util_sid.c
View File

@@ -143,76 +143,6 @@ void generate_wellknown_sids(void)
initialised = True; initialised = True;
} }
/**************************************************************************
Splits a name of format \DOMAIN\name or name into its two components.
Sets the DOMAIN name to lp_netbios_name() if it has not been specified.
***************************************************************************/
void split_domain_name(const char *fullname, char *domain, char *name)
{
pstring full_name;
const char *sep;
char *p;
sep = lp_winbind_separator();
*domain = *name = '\0';
if (fullname[0] == sep[0] || fullname[0] == '\\')
fullname++;
pstrcpy(full_name, fullname);
p = strchr_m(full_name+1, '\\');
if (!p) p = strchr_m(full_name+1, sep[0]);
if (p != NULL) {
*p = 0;
fstrcpy(domain, full_name);
fstrcpy(name, p+1);
} else {
fstrcpy(domain, lp_netbios_name());
fstrcpy(name, full_name);
}
DEBUG(10,("split_domain_name:name '%s' split into domain :'%s' and user :'%s'\n",
fullname, domain, name));
}
/*****************************************************************
Convert a SID to an ascii string.
*****************************************************************/
char *sid_to_string(fstring sidstr_out, const struct dom_sid *sid)
{
char *tmp_string;
TALLOC_CTX *mem_ctx;
if (!(mem_ctx = talloc_init("sid_to_string temp context"))) {
return NULL;
}
tmp_string = dom_sid_string(mem_ctx, sid);
if (!tmp_string)
return NULL;
fstrcpy(sidstr_out, tmp_string);
return sidstr_out;
}
/*****************************************************************
Removes the last rid from the end of a sid
*****************************************************************/
BOOL sid_split_rid(struct dom_sid *sid, uint32 *rid)
{
if (sid->num_auths > 0) {
sid->num_auths--;
if (rid)
*rid = sid->sub_auths[sid->num_auths];
return True;
}
return False;
}
/***************************************************************** /*****************************************************************
Return the last rid from the end of a sid Return the last rid from the end of a sid
*****************************************************************/ *****************************************************************/

27
source/rpc_server/netlogon/dcerpc_netlogon.c
View File

@@ -332,14 +332,13 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
int num_records; int num_records;
int num_records_domain; int num_records_domain;
int ret; int ret;
int i;
struct ldb_message **msgs; struct ldb_message **msgs;
struct ldb_message **msgs_domain; struct ldb_message **msgs_domain;
NTSTATUS nt_status; NTSTATUS nt_status;
struct samr_Hash newNtHash; struct samr_Hash newNtHash;
struct ldb_message mod, *msg_set_pw = &mod; struct ldb_message mod, *msg_set_pw = &mod;
const char *domain_dn; const char *domain_dn;
struct dom_sid *domain_sid; const char *domain_sid;
const char *attrs[] = {"objectSid", NULL const char *attrs[] = {"objectSid", NULL
}; };
@@ -379,32 +378,28 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }
domain_sid = dom_sid_parse_talloc(mem_ctx, domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
samdb_result_string(msgs[0],
"objectSid",
NULL));
if (!domain_sid) { if (!domain_sid) {
samdb_close(sam_ctx); samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }
sid_split_rid(domain_sid, NULL);
/* find the domain's DN */ /* find the domain's DN */
num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL, num_records_domain = samdb_search(sam_ctx, mem_ctx, NULL,
&msgs_domain, domain_attrs, &msgs_domain, domain_attrs,
"(&(objectSid=%s)(objectclass=domain))", "(&(objectSid=%s)(objectclass=domain))",
dom_sid_string(mem_ctx, domain_sid)); domain_sid);
if (num_records_domain == 0) { if (num_records_domain == 0) {
DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n", DEBUG(3,("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
dom_sid_string(mem_ctx, domain_sid))); domain_sid));
samdb_close(sam_ctx); samdb_close(sam_ctx);
return NT_STATUS_NO_SUCH_USER; return NT_STATUS_NO_SUCH_USER;
} }
if (num_records_domain > 1) { if (num_records_domain > 1) {
DEBUG(1,("Found %d records matching domain [%s]\n", num_records_domain, dom_sid_string(mem_ctx, domain_sid))); DEBUG(1,("Found %d records matching domain [%s]\n",
num_records_domain, domain_sid));
samdb_close(sam_ctx); samdb_close(sam_ctx);
return NT_STATUS_INTERNAL_DB_CORRUPTION; return NT_STATUS_INTERNAL_DB_CORRUPTION;
} }
@@ -435,15 +430,7 @@ static NTSTATUS netr_ServerPasswordSet(struct dcesrv_call_state *dce_call, TALLO
return nt_status; return nt_status;
} }
/* mark all the message elements as LDB_FLAG_MOD_REPLACE, ret = samdb_replace(sam_ctx, mem_ctx, msg_set_pw);
unless they are already marked with some other flag */
for (i=0;i<mod.num_elements;i++) {
if (mod.elements[i].flags == 0) {
mod.elements[i].flags = LDB_FLAG_MOD_REPLACE;
}
}
ret = samdb_modify(sam_ctx, mem_ctx, msg_set_pw);
if (ret != 0) { if (ret != 0) {
/* we really need samdb.c to return NTSTATUS */ /* we really need samdb.c to return NTSTATUS */

13
source/torture/rpc/netlogon.c
View File

@@ -1050,15 +1050,12 @@ static BOOL test_SetPassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
printf("Credential chaining failed\n"); printf("Credential chaining failed\n");
} }
password = generate_random_str(mem_ctx, 8); /* by changing the machine password twice we test the
E_md4hash(password, r.in.new_password.data); credentials chaining fully, and we verify that the server
allows the password to be set to the same value twice in a
creds_des_encrypt(&creds, &r.in.new_password); row (match win2k3) */
/* by changing the machine password twice we test the credentials
chaining fully */
printf("Testing a second ServerPasswordSet on machine account\n"); printf("Testing a second ServerPasswordSet on machine account\n");
printf("Changing machine account password to '%s'\n", password); printf("Changing machine account password to '%s' (same as pervsious run)\n", password);
creds_client_authenticator(&creds, &r.in.credential); creds_client_authenticator(&creds, &r.in.credential);