summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2006-04-03 14:39:46 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:00:12 -0500
commit5559f5e3e5b283a4fe85984589d61598b14fcfff (patch)
treecb1f7c52db85d10534af50b0c3040ca4a7ec295d /source4/dsdb
parented56a2c147befea36e40844d3d295fd74402b64f (diff)
downloadsamba-5559f5e3e5b283a4fe85984589d61598b14fcfff.tar.gz
samba-5559f5e3e5b283a4fe85984589d61598b14fcfff.tar.bz2
samba-5559f5e3e5b283a4fe85984589d61598b14fcfff.zip
r14891: fix a bug found by the ibm checker
the problem was that we shift with <<= (privilege-1) and we called the function with privilege=0 add some checks to catch invalid privilege values and hide the mask representation in privilege.c metze (This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/samdb_privilege.c16
1 files changed, 6 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c
index 6ca8aa7ae2..f2fc43967f 100644
--- a/source4/dsdb/samdb/samdb_privilege.c
+++ b/source4/dsdb/samdb/samdb_privilege.c
@@ -31,16 +31,14 @@
add privilege bits for one sid to a security_token
*/
static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
- const struct dom_sid *sid,
- uint64_t *mask)
+ struct security_token *token,
+ const struct dom_sid *sid)
{
const char * const attrs[] = { "privilege", NULL };
struct ldb_message **res = NULL;
struct ldb_message_element *el;
int ret, i;
char *sidstr;
-
- *mask = 0;
sidstr = ldap_encode_ndr_dom_sid(mem_ctx, sid);
NT_STATUS_HAVE_NO_MEMORY(sidstr);
@@ -59,13 +57,13 @@ static NTSTATUS samdb_privilege_setup_sid(void *samctx, TALLOC_CTX *mem_ctx,
for (i=0;i<el->num_values;i++) {
const char *priv_str = (const char *)el->values[i].data;
- int privilege = sec_privilege_id(priv_str);
+ enum sec_privilege privilege = sec_privilege_id(priv_str);
if (privilege == -1) {
DEBUG(1,("Unknown privilege '%s' in samdb\n",
priv_str));
continue;
}
- *mask |= sec_privilege_mask(privilege);
+ sec_privilege_set(token, privilege);
}
return NT_STATUS_OK;
@@ -103,14 +101,12 @@ _PUBLIC_ NTSTATUS samdb_privilege_setup(struct security_token *token)
token->privilege_mask = 0;
for (i=0;i<token->num_sids;i++) {
- uint64_t mask;
- status = samdb_privilege_setup_sid(samctx, mem_ctx,
- token->sids[i], &mask);
+ status = samdb_privilege_setup_sid(samctx, mem_ctx,
+ token, token->sids[i]);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return status;
}
- token->privilege_mask |= mask;
}
talloc_free(mem_ctx);