diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-12-26 03:14:31 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-12-26 03:14:31 +0000 |
commit | 66f039d58cd21fdc4039866b9d804576a54967ee (patch) | |
tree | 661746300735b383db4e07c8bfcf1def75ac8c21 | |
parent | 988f561477d1cdd196ca6281ffccb412a6e000cb (diff) | |
download | samba-66f039d58cd21fdc4039866b9d804576a54967ee.tar.gz samba-66f039d58cd21fdc4039866b9d804576a54967ee.tar.bz2 samba-66f039d58cd21fdc4039866b9d804576a54967ee.zip |
Check the return value of string_to_sid in a few more places. (But
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)
Andrew Bartlett
(This used to be commit 9080c30de8aa96ed3b9b121ca111f1632572754e)
-rw-r--r-- | source3/passdb/pdb_ldap.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index a1ac042410..1f44f5ab60 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1693,7 +1693,11 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state, get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID))); return False; } - string_to_sid(&map->sid, temp); + + if (!string_to_sid(&map->sid, temp)) { + DEBUG(1, ("SID string [%s] could not be read as a valid SID\n", temp)); + return False; + } if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) { @@ -1749,6 +1753,7 @@ static BOOL init_ldap_from_group(LDAP *ldap_struct, *mods = NULL; sid_to_string(tmp, &map->sid); + smbldap_make_mod(ldap_struct, existing, mods, get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), tmp); pstr_sprintf(tmp, "%i", map->sid_name_use); @@ -2362,7 +2367,10 @@ and will risk BDCs having inconsistant SIDs\n")); get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), domain_sid_string)) { BOOL found_sid; - string_to_sid(&ldap_domain_sid, domain_sid_string); + if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) { + DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be read as a valid SID\n", domain_sid_string)); + return NT_STATUS_INVALID_PARAMETER; + } found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, &secrets_domain_sid); if (!found_sid || !sid_equal(&secrets_domain_sid, &ldap_domain_sid)) { /* reset secrets.tdb sid */ |