diff options
author | Volker Lendecke <vlendec@samba.org> | 2005-01-23 14:10:57 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:08 -0500 |
commit | fcfc94a66ac66af1f12cb5924df31e936bca3dc9 (patch) | |
tree | cad469a887efc1ad89b4337d2752a2d9077bd560 | |
parent | f6fed0082bfaf40e9d213f3ed1613c2377c73d4f (diff) | |
download | samba-fcfc94a66ac66af1f12cb5924df31e936bca3dc9.tar.gz samba-fcfc94a66ac66af1f12cb5924df31e936bca3dc9.tar.bz2 samba-fcfc94a66ac66af1f12cb5924df31e936bca3dc9.zip |
r4946: Our notion the other_sids in the info3 SamLogon struct was
...hmmm... completely bogus. This does not affect us as a domain controller,
as we never set other_sids, but I have *no* idea how winbind got away with it.
Please review thoroughly, samba4 idl looks closer to reality here.
Test case: Member of w2k3 domain, authenticate as a user who is member of one
or more domain local groups. Easiest review with 'client schannel = no'.
Thanks,
Volker
(This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)
-rw-r--r-- | source3/include/rpc_netlogon.h | 3 | ||||
-rw-r--r-- | source3/rpc_parse/parse_net.c | 45 |
2 files changed, 34 insertions, 14 deletions
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h index b865d05b34..3ba1ce6465 100644 --- a/source3/include/rpc_netlogon.h +++ b/source3/include/rpc_netlogon.h @@ -190,9 +190,8 @@ typedef struct net_user_info_3 DOM_SID2 dom_sid; /* domain SID */ - uint32 num_other_groups; /* other groups */ - DOM_GID *other_gids; /* group info */ DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */ + uint32 *other_sids_attrib; } NET_USER_INFO_3; diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c index 5f1d4b622e..b26083b89e 100644 --- a/source3/rpc_parse/parse_net.c +++ b/source3/rpc_parse/parse_net.c @@ -1646,31 +1646,52 @@ BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth)) /* domain SID */ return False; - if (usr->num_other_sids) { + if (usr->buffer_other_sids) { + + uint32 num_other_sids = usr->num_other_sids; + + if (!prs_uint32("num_other_sids", ps, depth, + &num_other_sids)) + return False; + + if (num_other_sids != usr->num_other_sids) + return False; if (UNMARSHALLING(ps)) { usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids); - if (usr->other_sids == NULL) + usr->other_sids_attrib = + PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids); + + if ((num_other_sids != 0) && + ((usr->other_sids == NULL) || + (usr->other_sids_attrib == NULL))) return False; } - - if(!prs_uint32("num_other_groups", ps, depth, &usr->num_other_groups)) - return False; - if (UNMARSHALLING(ps) && usr->num_other_groups > 0) { - usr->other_gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_other_groups); - if (usr->other_gids == NULL) + /* First the pointers to the SIDS and attributes */ + + depth++; + + for (i=0; i<usr->num_other_sids; i++) { + uint32 ptr = 1; + + if (!prs_uint32("sid_ptr", ps, depth, &ptr)) return False; - } - - for (i = 0; i < usr->num_other_groups; i++) { - if(!smb_io_gid("", &usr->other_gids[i], ps, depth)) /* other GIDs */ + + if (UNMARSHALLING(ps) && (ptr == 0)) + return False; + + if (!prs_uint32("attribute", ps, depth, + &usr->other_sids_attrib[i])) return False; } + for (i = 0; i < usr->num_other_sids; i++) { if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */ return False; } + + depth--; } return True; |