diff options
| author | Stefan Metzmacher <metze@samba.org> | 2006-04-03 14:39:46 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:00:12 -0500 |
| commit | 5559f5e3e5b283a4fe85984589d61598b14fcfff (patch) | |
| tree | cb1f7c52db85d10534af50b0c3040ca4a7ec295d /source4/dsdb | |
| parent | ed56a2c147befea36e40844d3d295fd74402b64f (diff) | |
| download | samba-5559f5e3e5b283a4fe85984589d61598b14fcfff.tar.gz samba-5559f5e3e5b283a4fe85984589d61598b14fcfff.tar.bz2 samba-5559f5e3e5b283a4fe85984589d61598b14fcfff.zip | |
r14891: fix a bug found by the ibm checker
the problem was that we shift with <<= (privilege-1)
and we called the function with privilege=0
add some checks to catch invalid privilege values
and hide the mask representation in privilege.c
metze
(This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
Diffstat (limited to 'source4/dsdb')
| -rw-r--r-- | source4/dsdb/samdb/samdb_privilege.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c index 6ca8aa7ae2..f2fc43967f 100644 --- a/source4/dsdb/samdb/samdb_privilege.c +++ b/source4/dsdb/samdb/samdb_privilege.c @@ -31,16 +31,14 @@ add privilege bits for one sid to a security_token */ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx, - const struct dom_sid *sid, - uint64_t *mask) + struct security_token *token, + const struct dom_sid *sid) { const char * const attrs[] = { "privilege", NULL }; struct ldb_message **res = NULL; struct ldb_message_element *el; int ret, i; char *sidstr; - - *mask = 0; sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid); NT_STATUS_HAVE_NO_MEMORY(sidstr); @@ -59,13 +57,13 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx, for (i=0;i<el->num_values;i++) { const char *priv_str = (const char *)el->values[i].data; - int privilege = sec_privilege_id(priv_str); + enum sec_privilege privilege = sec_privilege_id(priv_str); if (privilege == -1) { DEBUG(1,("Unknown privilege '%s' in samdb\n", priv_str)); continue; } - *mask |= sec_privilege_mask(privilege); + sec_privilege_set(token, privilege); } return NT_STATUS_OK; @@ -103,14 +101,12 @@ _PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token) token->privilege_mask = 0; for (i=0;i<token->num_sids;i++) { - uint64_t mask; - status = samdb_privilege_setup_sid(samctx, mem_ctx, - token->sids[i], &mask); + status = samdb_privilege_setup_sid(samctx, mem_ctx, + token, token->sids[i]); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); return status; } - token->privilege_mask |= mask; } talloc_free(mem_ctx); |