summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2007-07-17 11:47:17 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:28:45 -0500
commit4b4a3c7df1b894c32473ee559185f6253b895800 (patch)
treea0358890bf9bc71b64c49323712074410a2f9b5f /source3/lib
parent307e51ed1420fcf9e91e8ac7c0a1689e13f3edec (diff)
downloadsamba-4b4a3c7df1b894c32473ee559185f6253b895800.tar.gz
samba-4b4a3c7df1b894c32473ee559185f6253b895800.tar.bz2
samba-4b4a3c7df1b894c32473ee559185f6253b895800.zip
r23928: Merge all "copy-info3-groups-to-sid-array" blocks to a sid_array_from_info3()
function. Guenther (This used to be commit 1e1e480115e37b3f4c85f979ddd800b8de0b9c57)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/util_sid.c65
1 files changed, 65 insertions, 0 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 9915085f5a..7c6fc9b217 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -669,3 +669,68 @@ BOOL is_null_sid(const DOM_SID *sid)
static const DOM_SID null_sid = {0};
return sid_equal(sid, &null_sid);
}
+
+NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
+ const NET_USER_INFO_3 *info3,
+ DOM_SID **user_sids,
+ size_t *num_user_sids,
+ BOOL include_user_group_rid)
+{
+ DOM_SID sid;
+ DOM_SID *sid_array = NULL;
+ size_t num_sids = 0;
+ int i;
+
+ if (include_user_group_rid) {
+
+ if (!sid_compose(&sid, &(info3->dom_sid.sid),
+ info3->user_rid)
+ || !add_sid_to_array(mem_ctx, &sid,
+ &sid_array, &num_sids)) {
+ DEBUG(3,("could not add user SID from rid 0x%x\n",
+ info3->user_rid));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (!sid_compose(&sid, &(info3->dom_sid.sid),
+ info3->group_rid)
+ || !add_sid_to_array(mem_ctx, &sid,
+ &sid_array, &num_sids)) {
+ DEBUG(3,("could not append additional group rid 0x%x\n",
+ info3->group_rid));
+
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ for (i = 0; i < info3->num_groups2; i++) {
+ if (!sid_compose(&sid, &(info3->dom_sid.sid),
+ info3->gids[i].g_rid)
+ || !add_sid_to_array(mem_ctx, &sid,
+ &sid_array, &num_sids)) {
+ DEBUG(3,("could not append additional group rid 0x%x\n",
+ info3->gids[i].g_rid));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
+ /* Copy 'other' sids. We need to do sid filtering here to
+ prevent possible elevation of privileges. See:
+
+ http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
+ */
+
+ for (i = 0; i < info3->num_other_sids; i++) {
+ if (!add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
+ &sid_array, &num_sids)) {
+ DEBUG(3, ("could not add SID to array: %s\n",
+ sid_string_static(&info3->other_sids[i].sid)));
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ *user_sids = sid_array;
+ *num_user_sids = num_sids;
+
+ return NT_STATUS_OK;
+}