mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
b621c59f64
These occur canonically when the indentifier authority is > 2^32, but also are accepted by Windows for any number. There is a tricky case with an "O:" or "G:" SID that is immediately followed by a "D:" dacl, because the "D" looks like a hex digit. When we detect this we need to subtract one from the length. We also need to do look out for trailing garbage. This was not an issue before because any string caught by the strspn(..., "-0123456789") would be either rejected or fully comsumed by dom_sid_parse_talloc(), but with hex digits, a string like "S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and the "x0xabcxxx-X" would be skipped over. That's why we switch to using dom_sid_parse_endp(), so we can compare the consumed length to the expected length. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> |
||
---|---|---|
.. | ||
access_check.c | ||
access_check.h | ||
create_descriptor.c | ||
display_sec.c | ||
display_sec.h | ||
dom_sid.c | ||
dom_sid.h | ||
object_tree.c | ||
privileges_private.h | ||
privileges.c | ||
privileges.h | ||
pysecurity.c | ||
sddl.c | ||
sddl.h | ||
secace.c | ||
secace.h | ||
secacl.c | ||
secacl.h | ||
secdesc.c | ||
secdesc.h | ||
security_descriptor.c | ||
security_descriptor.h | ||
security_token.c | ||
security_token.h | ||
security.h | ||
session.c | ||
session.h | ||
util_sid.c | ||
wscript_build |