diff options
author | Tim Potter <tpot@samba.org> | 2002-09-15 23:40:55 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2002-09-15 23:40:55 +0000 |
commit | f3008f5463dbb7691ca32d48edaeb078e8846274 (patch) | |
tree | 895fdba8afbcfeed8d067d9d56cb3d5fd4823829 | |
parent | 479e82b8d8413c88989dfb091c21a0ba003ed005 (diff) | |
download | samba-f3008f5463dbb7691ca32d48edaeb078e8846274.tar.gz samba-f3008f5463dbb7691ca32d48edaeb078e8846274.tar.bz2 samba-f3008f5463dbb7691ca32d48edaeb078e8846274.zip |
Merge of 'other_sids' patch from appliance.
(This used to be commit 7decd4b3a9e6900ab35f7bf5b266361f308aa58d)
-rw-r--r-- | source3/auth/auth_util.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 78dc0d4ee4..ca90fc6f72 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -983,7 +983,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, (*server_info)->n_groups = n_lgroupSIDs; /* Create a 'combined' list of all SIDs we might want in the SD */ - all_group_SIDs = malloc(sizeof(DOM_SID) * (n_lgroupSIDs+info3->num_groups2)); + all_group_SIDs = malloc(sizeof(DOM_SID) * + (n_lgroupSIDs + info3->num_groups2 + + info3->num_other_sids)); if (!all_group_SIDs) { DEBUG(0, ("create_nt_token_info3: malloc() failed for DOM_SID list!\n")); SAFE_FREE(lgroupSIDs); @@ -1006,12 +1008,25 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, } } + /* Copy 'other' sids. We need to do sid filtering here to + prevent possible elevation of privileges. See: + + http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp + */ + + for (i = 0; i < info3->num_other_sids; i++) + sid_copy(&all_group_SIDs[ + n_lgroupSIDs + info3->num_groups2 + i], + &info3->other_sids[i].sid); + /* Where are the 'global' sids... */ /* can the user be guest? if yes, where is it stored? */ - if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token(&user_sid, &group_sid, - n_lgroupSIDs+info3->num_groups2, all_group_SIDs, - False, &token))) { + if (!NT_STATUS_IS_OK( + nt_status = create_nt_user_token( + &user_sid, &group_sid, + n_lgroupSIDs + info3->num_groups2 + info3->num_other_sids, + all_group_SIDs, False, &token))) { DEBUG(4,("create_nt_user_token failed\n")); SAFE_FREE(all_group_SIDs); return nt_status; |