mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

ldb-samba: simplify ldif_comparison_objectSid()

The ldif_comparision_objectSid_isString() call is both wrong
(disallowing "s-") and redundant, because ldif_read_objectSid() calls
dom_sid_parse(), which does the check properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall 2024-04-18 00:38:17 +12:00 committed by Andrew Bartlett
parent d801ed8b11
commit be5fd9a3a1


@ -157,40 +157,31 @@ bool ldif_comparision_objectSid_isString(const struct ldb_val *v)
static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *v1, const struct ldb_val *v2)
{
bool v1_is_string = ldif_comparision_objectSid_isString(v1);
bool v2_is_string = ldif_comparision_objectSid_isString(v2);
struct ldb_val parsed_1 = {};
struct ldb_val parsed_2 = {};
struct ldb_val parsed_1 = {.data = NULL};
struct ldb_val parsed_2 = {.data = NULL};
int ret;
/*
* If the ldb_vals look like SID strings (i.e. start with "S-"
* or "s-"), we try to parse them as such. If that fails, we
* assume they are binary SIDs, even though that's not really
* possible -- the first two bytes of a struct dom_sid are the
* version (1), and the number of sub-auths (<= 15), neither
* of which are close to 'S' or '-'.
* or "s-"), we treat them as strings.
*
* It is not really possible for a blob to be both a SID string and a
* SID struct -- the first two bytes of a struct dom_sid (including in
* NDR form) are the version (1), and the number of sub-auths (<= 15),
* neither of which are close to 'S' or '-'.
*/
if (v1_is_string) {
int r = ldif_read_objectSid(ldb, mem_ctx, v1, &parsed_1);
if (r == 0) {
v1 = &parsed_1;
}
ret = ldif_read_objectSid(ldb, mem_ctx, v1, &parsed_1);
if (ret == 0) {
v1 = &parsed_1;
}
if (v2_is_string) {
int r = ldif_read_objectSid(ldb, mem_ctx, v2, &parsed_2);
if (r == 0) {
v2 = &parsed_2;
}
ret = ldif_read_objectSid(ldb, mem_ctx, v2, &parsed_2);
if (ret == 0) {
v2 = &parsed_2;
}
ret = ldb_comparison_binary(ldb, mem_ctx, v1, v2);
if (v1_is_string) {
TALLOC_FREE(parsed_1.data);
}
if (v2_is_string) {
TALLOC_FREE(parsed_2.data);
}
TALLOC_FREE(parsed_1.data);
TALLOC_FREE(parsed_2.data);
return ret;
}
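Review bot: The comment above the two ldif_read_objectSid() calls still describes a prefix test ("look like SID strings (i.e. start with "S-" or "s-")"), while the new body appears to attempt the parse on both values unconditionally and keep the original value on a non-zero return; the +/- markers are lost on this page, so that reading is inferred from the hunk counts and print order. I would reword the first paragraph to something like `/* Try to parse each value as a SID string; a value that fails to parse is compared as the bytes it arrived as. */`. The comment should also say that when only one side parses, ldb_comparison_binary() compares a converted SID against unconverted input, since these values can presumably originate from client-supplied filters and the mixed case is the one a reader will ask about. Reusing `ret` for the parse status and then for the comparison result is correct here, but a separate local for the parse status would make the returned value easier to follow.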