diff options
Diffstat (limited to 'libcli')
| -rw-r--r-- | libcli/ldap/ldap_ndr.c | 2 | ||||
| -rw-r--r-- | libcli/ldap/ldap_ndr.h | 2 | ||||
| -rw-r--r-- | libcli/security/dom_sid.c | 18 | ||||
| -rw-r--r-- | libcli/security/dom_sid.h | 2 | ||||
| -rw-r--r-- | libcli/util/werror.h | 7 |
5 files changed, 29 insertions, 2 deletions
diff --git a/libcli/ldap/ldap_ndr.c b/libcli/ldap/ldap_ndr.c index 3b40fbba25..6daaba3604 100644 --- a/libcli/ldap/ldap_ndr.c +++ b/libcli/ldap/ldap_ndr.c @@ -65,7 +65,7 @@ char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) /* encode a NDR GUID as a ldap filter element */ -char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid) +char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, const struct GUID *guid) { DATA_BLOB blob; NTSTATUS status; diff --git a/libcli/ldap/ldap_ndr.h b/libcli/ldap/ldap_ndr.h index ee1f702c78..df5ee478cb 100644 --- a/libcli/ldap/ldap_ndr.h +++ b/libcli/ldap/ldap_ndr.h @@ -5,7 +5,7 @@ char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value); char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); -char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid); +char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, const struct GUID *guid); NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldb_val val, struct GUID *guid); #endif /* __LIBCLI_LDAP_LDAP_NDR_H__ */ diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c index 93f887134e..f94d952b4d 100644 --- a/libcli/security/dom_sid.c +++ b/libcli/security/dom_sid.c @@ -98,6 +98,24 @@ bool sid_append_rid(struct dom_sid *sid, uint32_t rid) return false; } +/* + See if 2 SIDs are in the same domain + this just compares the leading sub-auths +*/ +int dom_sid_compare_domain(const struct dom_sid *sid1, + const struct dom_sid *sid2) +{ + int n, i; + + n = MIN(sid1->num_auths, sid2->num_auths); + + for (i = n-1; i >= 0; --i) + if (sid1->sub_auths[i] != sid2->sub_auths[i]) + return sid1->sub_auths[i] - sid2->sub_auths[i]; + + return dom_sid_compare_auth(sid1, sid2); +} + /***************************************************************** Convert a string to a SID. Returns True on success, False on fail. *****************************************************************/ diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index e89253554e..ac8669d725 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -26,6 +26,8 @@ #include "librpc/gen_ndr/security.h" int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2); +int dom_sid_compare_domain(const struct dom_sid *sid1, + const struct dom_sid *sid2); bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); bool dom_sid_parse(const char *sidstr, struct dom_sid *ret); struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr); diff --git a/libcli/util/werror.h b/libcli/util/werror.h index 3b717d2259..d89cd9c087 100644 --- a/libcli/util/werror.h +++ b/libcli/util/werror.h @@ -48,6 +48,13 @@ typedef uint32_t WERROR; }\ } while (0) +#define W_ERROR_HAVE_NO_MEMORY_AND_FREE(x, ctx) do { \ + if (!(x)) {\ + talloc_free(ctx); \ + return WERR_NOMEM;\ + }\ +} while (0) + #define W_ERROR_IS_OK_RETURN(x) do { \ if (W_ERROR_IS_OK(x)) {\ return x;\ |