mirror of
https://github.com/samba-team/samba.git
synced 2025-01-08 21:18:16 +03:00
da5c625e64
This function compares blobs that might be SID strings or might be SID
structures. Until now, if they were both (seemingly) strings, they were
compared as strings, otherwise if either was a string it was converted to
a structure blob, then the blobs were compared. This had two big problems:
1. There is variety in the way a SID can be stringified. For example,
"s-1-02-3" means the same SID as "S-1-2-3", but those wouldn't compare
equal.
2. SID comparison was crazily non-transitive. Consider the three values
a = "S-1-2-3-4-5",
b = "S-1-9-1",
c = SID("S-1-11-1"), where c is a struct and the others are string.
then we had,
a < b, because the 5th character '2' < '9'.
a > c, because when converted to a structure, the number of sub-auths
is the first varying byte. a has 3, c has 0.
b < c, because after the sub-auth count comes the id_auth value
(big-endian, which doesn't matter in this case).
That made the function unreliable for sorting, AND for simple equality
tests. Also it leaked.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| addns | ||
| afs | ||
| async_req | ||
| audit_logging | ||
| cmdline | ||
| compression | ||
| crypto | ||
| dbwrap | ||
| fuzzing | ||
| krb5_wrap | ||
| ldb | ||
| ldb-samba | ||
| messaging | ||
| mscat | ||
| param | ||
| printer_driver | ||
| pthreadpool | ||
| replace | ||
| smbconf | ||
| socket | ||
| talloc | ||
| tdb | ||
| tdb_wrap | ||
| tdr | ||
| tevent | ||
| texpect | ||
| torture | ||
| tsocket | ||
| util | ||
| README | ||
| wscript_build | ||
compression - Various compression algorithms (MSZIP, lzxpress)
popt - Command-line option parsing library
replace - Provides replacements for standard (POSIX, C99) functions
not provided by the host platform.
subunit - Utilities and bindings for working with the Subunit test result
reporting protocol.
talloc - Hierarchical pool based memory allocator
tdb - Simple but fast key/value database library, supporting multiple writers
torture - Simple unit testing helper library