-rw-r--r--source4/libcli/security/dom_sid.c17
-rw-r--r--source4/libcli/security/sddl.c1
-rw-r--r--source4/libcli/security/security_descriptor.c20
-rw-r--r--source4/librpc/idl/dom_sid.idl8
-rw-r--r--source4/librpc/ndr/ndr_dom_sid.c35
-rw-r--r--source4/torture/unix/whoami.c5
6 files changed, 36 insertions, 50 deletions
diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c
index 1a7519e362..d8a83f2abb 100644
--- a/source4/libcli/security/dom_sid.c
+++ b/source4/libcli/security/dom_sid.c
@@ -122,11 +122,6 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
return NULL;
}
- ret->sub_auths = talloc_array(ret, uint32_t, num_sub_auths);
- if (!ret->sub_auths) {
- return NULL;
- }
-
ret->sid_rev_num = rev;
ret->id_auth[0] = 0;
ret->id_auth[1] = 0;
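Review bot: With the allocation gone, `num_sub_auths` no longer sizes the storage, and no comparison against the 15-entry `sub_auths` array declared in dom_sid.idl is visible in this hunk. The count is presumably derived from `sidstr`, so a string carrying more sub-authorities than that would be written past the array unless a check exists outside the hunk. If there is none, add `if (num_sub_auths > 15) return NULL;` ahead of the point where the struct is filled in. The same question applies to `dom_sid_dup` in the next hunk, which relies on `dom_sid->num_auths` being in range; both function bodies continue outside their hunks.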
@@ -183,11 +178,6 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
return NULL;
}
- ret->sub_auths = talloc_array(ret, uint32_t, dom_sid->num_auths);
- if (!ret->sub_auths) {
- return NULL;
- }
-
ret->sid_rev_num = dom_sid->sid_rev_num;
ret->id_auth[0] = dom_sid->id_auth[0];
ret->id_auth[1] = dom_sid->id_auth[1];
@@ -206,7 +196,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
/*
add a rid to a domain dom_sid to make a full dom_sid. This function
- returns a new sid in the suppplied memory context
+ returns a new sid in the supplied memory context
*/
struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
const struct dom_sid *domain_sid,
@@ -219,11 +209,6 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
*sid = *domain_sid;
- sid->sub_auths = talloc_array(sid, uint32_t, sid->num_auths+1);
- if (!sid->sub_auths) {
- return NULL;
- }
- memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t));
sid->sub_auths[sid->num_auths] = rid;
sid->num_auths++;
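Review bot: `sid->sub_auths[sid->num_auths] = rid;` now stores into the fixed 15-entry array copied by `*sid = *domain_sid`, so a domain SID that already holds 15 sub-authorities makes this store land one element past the end; the removed code allocated `num_auths+1` entries and had no such limit. Reject that case before the store, for example `if (domain_sid->num_auths < 0 || domain_sid->num_auths >= 15) return NULL;`, ideally before `sid` is allocated so nothing needs freeing. The allocation and the return statement are outside this hunk.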
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index 09522f182a..a8d893f085 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -249,7 +249,6 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
return false;
}
ace->trustee = *sid;
- talloc_steal(mem_ctx, sid->sub_auths);
talloc_free(sid);
return true;
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 882284dd9b..2bce8e8b08 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -65,18 +65,6 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
goto failed;
}
- /* remapping array in trustee dom_sid from old acl to new acl */
-
- for (i = 0; i < oacl->num_aces; i++) {
- nacl->aces[i].trustee.sub_auths =
- (uint32_t *)talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths,
- sizeof(uint32_t) * nacl->aces[i].trustee.num_auths);
-
- if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) {
- goto failed;
- }
- }
-
nacl->revision = oacl->revision;
nacl->size = oacl->size;
nacl->num_aces = oacl->num_aces;
@@ -175,14 +163,6 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd,
}
acl->aces[acl->num_aces] = *ace;
- acl->aces[acl->num_aces].trustee.sub_auths =
- (uint32_t *)talloc_memdup(acl->aces,
- acl->aces[acl->num_aces].trustee.sub_auths,
- sizeof(uint32_t) *
- acl->aces[acl->num_aces].trustee.num_auths);
- if (acl->aces[acl->num_aces].trustee.sub_auths == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
switch (acl->aces[acl->num_aces].type) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl
index 1fc8ee2165..40712fc371 100644
--- a/source4/librpc/idl/dom_sid.idl
+++ b/source4/librpc/idl/dom_sid.idl
@@ -22,13 +22,11 @@ cpp_quote("#define dom_sid0 dom_sid")
]
interface dom_sid
{
- /* a domain SID. Note that unlike Samba3 this contains a pointer,
- so you can't copy them using assignment */
- typedef [public,gensize,noprint,nosize] struct {
+ typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
uint8 sid_rev_num; /**< SID revision number */
[range(0,15)] int8 num_auths; /**< Number of sub-authorities */
uint8 id_auth[6]; /**< Identifier Authority */
- uint32 sub_auths[num_auths];
+ uint32 sub_auths[15];
} dom_sid;
/* id used to identify a endpoint, possibly in a cluster */
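Review bot: The comment removed from the `dom_sid` typedef is not replaced, so nothing on the struct says that only the first `num_auths` entries of `sub_auths[15]` are meaningful. It also no longer tells the reader that, with `nopull,nopush` set, the `[range(0,15)]` attribute is not enforced by generated code. Suggest a comment such as `/* sub_auths is fixed-size; only the first num_auths entries are valid. push/pull are hand-written in ndr_dom_sid.c and must enforce the 0..15 range themselves */`. That also gives the literal 15 used in the hand-written pull a documented origin.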
@@ -37,6 +35,4 @@ interface dom_sid
uint32 id2;
uint32 node;
} server_id;
-
}
-
diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c
index b986231b4f..9b2118f56a 100644
--- a/source4/librpc/ndr/ndr_dom_sid.c
+++ b/source4/librpc/ndr/ndr_dom_sid.c
@@ -137,8 +137,7 @@ enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct
/* handle a w2k bug which send random data in the buffer */
ZERO_STRUCTP(sid);
} else if (sid->num_auths == 0 && sid->sub_auths) {
- talloc_free(sid->sub_auths);
- sid->sub_auths = NULL;
+ ZERO_STRUCT(sid->sub_auths);
}
return NDR_ERR_SUCCESS;
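Review bot: The `&& sid->sub_auths` test in the `else if` is always true once `sub_auths` is an array member (per the dom_sid.idl change in this commit), so the branch now depends only on `sid->num_auths == 0` and compilers may warn about the address test. Write it as `} else if (sid->num_auths == 0) {` so the condition says what it checks. The function body starts outside this hunk.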
@@ -215,3 +214,35 @@ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const s
return ndr_push_dom_sid(ndr, ndr_flags, sid);
}
+_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
+{
+ uint32_t cntr_sub_auths_0;
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_push_align(ndr, 4));
+ NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
+ NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
+ NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
+ for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
+{
+ uint32_t cntr_sub_auths_0;
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 4));
+ NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
+ NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths));
+ if (r->num_auths < 0 || r->num_auths > 15) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
+ for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
+ }
+ }
+ return NDR_ERR_SUCCESS;
+}
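Review bot: `ndr_push_dom_sid` loops up to `r->num_auths` without the range check that `ndr_pull_dom_sid` applies a few lines below. A struct whose `num_auths` is above 15, or negative (the comparison with the `uint32_t` counter turns that into a very large bound), would be read past `sub_auths[15]` and adjacent memory would be marshalled onto the wire. Add the mirror check before the loop: `if (r->num_auths < 0 || r->num_auths > 15) return ndr_push_error(ndr, NDR_ERR_RANGE, "value out of range");`. Both functions would also read better with the literal 15 tied to the array size rather than repeated.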
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c
index 5e5a5e81cd..b72b9fcb09 100644
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -127,11 +127,6 @@ static bool sid_parse(void *mem_ctx,
torture_assert(torture, (*psid)->num_auths <= 15,
"invalid sub_auth value");
- (*psid)->sub_auths = talloc_array(mem_ctx, uint32_t,
- (*psid)->num_auths);
- torture_assert(torture, (*psid)->sub_auths != NULL,
- "out of memory");
-
for (i = 0; i < (*psid)->num_auths; i++) {
(*psid)->sub_auths[i] = IVAL(data->data, *offset);
(*offset) += 4;