Manually marshall dom_sid, so we can use a fixed size array for

author Jelmer Vernooij <jelmer@samba.org>

Fri, 12 Dec 2008 18:52:06 +0000 (19:52 +0100)

committer Jelmer Vernooij <jelmer@samba.org>

Fri, 12 Dec 2008 18:52:06 +0000 (19:52 +0100)
author Jelmer Vernooij <jelmer@samba.org>
Fri, 12 Dec 2008 18:52:06 +0000 (19:52 +0100)
committer Jelmer Vernooij <jelmer@samba.org>
Fri, 12 Dec 2008 18:52:06 +0000 (19:52 +0100)
diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c

index 1a7519e362988095b9bb945c7556a5f37f4adceb..d8a83f2abbce97e5f67b85c8523b6c88225a3c8f 100644 (file)
--- a/source4/libcli/security/dom_sid.c
+++ b/source4/libcli/security/dom_sid.c
@@ -122,11 +122,6 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
                 return NULL;
         }
  
-       ret->sub_auths = talloc_array(ret, uint32_t, num_sub_auths);
-       if (!ret->sub_auths) {
-               return NULL;
-       }
-
         ret->sid_rev_num = rev;
         ret->id_auth[0] = 0;
         ret->id_auth[1] = 0;
@@ -183,11 +178,6 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
                 return NULL;
         }
  
-       ret->sub_auths = talloc_array(ret, uint32_t, dom_sid->num_auths);
-       if (!ret->sub_auths) {
-               return NULL;
-       }
-
         ret->sid_rev_num = dom_sid->sid_rev_num;
         ret->id_auth[0] = dom_sid->id_auth[0];
         ret->id_auth[1] = dom_sid->id_auth[1];
@@ -206,7 +196,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
  
  /*
    add a rid to a domain dom_sid to make a full dom_sid. This function
-  returns a new sid in the suppplied memory context
+  returns a new sid in the supplied memory context
  */
  struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, 
                                 const struct dom_sid *domain_sid, 
@@ -219,11 +209,6 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
  
         *sid = *domain_sid;
  
-       sid->sub_auths = talloc_array(sid, uint32_t, sid->num_auths+1);
-       if (!sid->sub_auths) {
-               return NULL;
-       }
-       memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t));
         sid->sub_auths[sid->num_auths] = rid;
         sid->num_auths++;
  
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c

index 09522f182a8b6f1d8746c5626eb176d24d851b0a..a8d893f0855ff13b544bee3797815d04bdfe8c6f 100644 (file)
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -249,7 +249,6 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
                 return false;
         }
         ace->trustee = *sid;
-       talloc_steal(mem_ctx, sid->sub_auths);
         talloc_free(sid);
  
         return true;
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c

index 882284dd9b28ebe7ccd6aa7fae4d269971ccb128..2bce8e8b08a08a2ac3ecdb5583fefdaa291cab3c 100644 (file)
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -65,18 +65,6 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
                 goto failed;
         }
  
-       /* remapping array in trustee dom_sid from old acl to new acl */
-
-       for (i = 0; i < oacl->num_aces; i++) {
-               nacl->aces[i].trustee.sub_auths = 
-                       (uint32_t *)talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths,
-                                     sizeof(uint32_t) * nacl->aces[i].trustee.num_auths);
-
-               if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) {
-                       goto failed;
-               }
-       }
-
         nacl->revision = oacl->revision;
         nacl->size = oacl->size;
         nacl->num_aces = oacl->num_aces;
@@ -175,14 +163,6 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd,
         }
  
         acl->aces[acl->num_aces] = *ace;
-       acl->aces[acl->num_aces].trustee.sub_auths =
-               (uint32_t *)talloc_memdup(acl->aces,
-                             acl->aces[acl->num_aces].trustee.sub_auths,
-                             sizeof(uint32_t) *
-                             acl->aces[acl->num_aces].trustee.num_auths);
-       if (acl->aces[acl->num_aces].trustee.sub_auths == NULL) {
-               return NT_STATUS_NO_MEMORY;
-       }
  
         switch (acl->aces[acl->num_aces].type) {
         case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl

index 1fc8ee2165593449fa072493a8acfc5f3db1d992..40712fc3711cac5988d2241cac6a15466168f9d3 100644 (file)
--- a/source4/librpc/idl/dom_sid.idl
+++ b/source4/librpc/idl/dom_sid.idl
@@ -22,13 +22,11 @@ cpp_quote("#define dom_sid0 dom_sid")
  ]
  interface dom_sid
  {
-       /* a domain SID. Note that unlike Samba3 this contains a pointer,
-          so you can't copy them using assignment */
-       typedef [public,gensize,noprint,nosize] struct {
+       typedef [public,gensize,noprint,nosize,nopull,nopush] struct {
                 uint8  sid_rev_num;             /**< SID revision number */
                 [range(0,15)] int8  num_auths;  /**< Number of sub-authorities */
                 uint8  id_auth[6];              /**< Identifier Authority */
-               uint32 sub_auths[num_auths];
+               uint32 sub_auths[15];
         } dom_sid;
  
         /* id used to identify a endpoint, possibly in a cluster */
@@ -37,6 +35,4 @@ interface dom_sid
                 uint32 id2;
                 uint32 node;
         } server_id;
-
  }
-
diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c

index b986231b4f07192b9f11a53482d8393c0b5ffd3b..9b2118f56a150fd22af72f6edfb82bc4035fc735 100644 (file)
--- a/source4/librpc/ndr/ndr_dom_sid.c
+++ b/source4/librpc/ndr/ndr_dom_sid.c
@@ -137,8 +137,7 @@ enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct
                 /* handle a w2k bug which send random data in the buffer */
                 ZERO_STRUCTP(sid);
         } else if (sid->num_auths == 0 && sid->sub_auths) {
-               talloc_free(sid->sub_auths);
-               sid->sub_auths = NULL;
+               ZERO_STRUCT(sid->sub_auths);
         }
  
         return NDR_ERR_SUCCESS;
@@ -215,3 +214,35 @@ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const s
         return ndr_push_dom_sid(ndr, ndr_flags, sid);
  }
  
+_PUBLIC_ enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r)
+{
+       uint32_t cntr_sub_auths_0;
+       if (ndr_flags & NDR_SCALARS) {
+               NDR_CHECK(ndr_push_align(ndr, 4));
+               NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->sid_rev_num));
+               NDR_CHECK(ndr_push_int8(ndr, NDR_SCALARS, r->num_auths));
+               NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
+               for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
+                       NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sub_auths[cntr_sub_auths_0]));
+               }
+       }
+       return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_dom_sid(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *r)
+{
+       uint32_t cntr_sub_auths_0;
+       if (ndr_flags & NDR_SCALARS) {
+               NDR_CHECK(ndr_pull_align(ndr, 4));
+               NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num));
+               NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths));
+               if (r->num_auths < 0 || r->num_auths > 15) {
+                       return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+               }
+               NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6));
+               for (cntr_sub_auths_0 = 0; cntr_sub_auths_0 < r->num_auths; cntr_sub_auths_0++) {
+                       NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sub_auths[cntr_sub_auths_0]));
+               }
+       }
+       return NDR_ERR_SUCCESS;
+}
diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c

index 5e5a5e81cde1e8f38434e83b44f03a54b972a66c..b72b9fcb099de0af12dc993c121d8976d7ae6fe6 100644 (file)
--- a/source4/torture/unix/whoami.c
+++ b/source4/torture/unix/whoami.c
@@ -127,11 +127,6 @@ static bool sid_parse(void *mem_ctx,
         torture_assert(torture, (*psid)->num_auths <= 15,
                         "invalid sub_auth value");
  
-       (*psid)->sub_auths = talloc_array(mem_ctx, uint32_t,
-                       (*psid)->num_auths);
-       torture_assert(torture, (*psid)->sub_auths != NULL,
-                       "out of memory");
-
          for (i = 0; i < (*psid)->num_auths; i++) {
                  (*psid)->sub_auths[i] = IVAL(data->data, *offset);
                 (*offset) += 4;
author	Jelmer Vernooij <jelmer@samba.org>
	Fri, 12 Dec 2008 18:52:06 +0000 (19:52 +0100)
committer	Jelmer Vernooij <jelmer@samba.org>
	Fri, 12 Dec 2008 18:52:06 +0000 (19:52 +0100)
source4/libcli/security/dom_sid.c		patch \| blob \| history
source4/libcli/security/sddl.c		patch \| blob \| history
source4/libcli/security/security_descriptor.c		patch \| blob \| history
source4/librpc/idl/dom_sid.idl		patch \| blob \| history
source4/librpc/ndr/ndr_dom_sid.c		patch \| blob \| history
source4/torture/unix/whoami.c		patch \| blob \| history