summaryrefslogtreecommitdiff
path: root/source3/passdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-01-05 23:18:06 +0000
committerAndrew Bartlett <abartlet@samba.org>2004-01-05 23:18:06 +0000
commit8dd0f9538cbe2765c5645086ade3e77010e7327d (patch)
tree2b8e4951f7a4ec70ce1806ba38e83d2406e01ce2 /source3/passdb
parentfc9892ba7d6d116896793ad83cf1b51aa15c97be (diff)
downloadsamba-8dd0f9538cbe2765c5645086ade3e77010e7327d.tar.gz
samba-8dd0f9538cbe2765c5645086ade3e77010e7327d.tar.bz2
samba-8dd0f9538cbe2765c5645086ade3e77010e7327d.zip
(merge from 3.0)
Check the return value of string_to_sid in a few more places. (But string_to_sid also needs to be less permissive on what it thinks are valid sids...) Andrew Bartlett (This used to be commit 74ea8682e4b5c78f456cc9284e953e35e4146a8b)
Diffstat (limited to 'source3/passdb')
-rw-r--r--source3/passdb/pdb_ldap.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index a1ac042410..1f44f5ab60 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1693,7 +1693,11 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID)));
return False;
}
- string_to_sid(&map->sid, temp);
+
+ if (!string_to_sid(&map->sid, temp)) {
+ DEBUG(1, ("SID string [%s] could not be read as a valid SID\n", temp));
+ return False;
+ }
if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry,
get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) {
@@ -1749,6 +1753,7 @@ static BOOL init_ldap_from_group(LDAP *ldap_struct,
*mods = NULL;
sid_to_string(tmp, &map->sid);
+
smbldap_make_mod(ldap_struct, existing, mods,
get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), tmp);
pstr_sprintf(tmp, "%i", map->sid_name_use);
@@ -2362,7 +2367,10 @@ and will risk BDCs having inconsistant SIDs\n"));
get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID),
domain_sid_string)) {
BOOL found_sid;
- string_to_sid(&ldap_domain_sid, domain_sid_string);
+ if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
+ DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be read as a valid SID\n", domain_sid_string));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, &secrets_domain_sid);
if (!found_sid || !sid_equal(&secrets_domain_sid, &ldap_domain_sid)) {
/* reset secrets.tdb sid */