setcifsacl: fix verify_ace_sid

The current method of trying to convert a name to a password struct and
then back to a SID is just weird. It also doesn't seem to work correctly.

Instead, look for a '\\' in the string. If there isn't one then try to
convert it directly to a SID.

If there is a '\\' or the direct-to-SID conversion didn't work, then
use wbcLookupName to do the conversion directly to a SID instead.

Also, fix the error handling. These routines return a wbcErr, so we
should use their macros to check whether it worked or not.

Signed-off-by: Jeff Layton <jlayton@samba.org>

diff --git a/setcifsacl.c b/setcifsacl.c
index d72d2d2b6b26db8e83783e4538d2e94f80cc7356..b64531cdd927b0fa760b42c8f7d0624aeb57854a 100644 (file)
--- a/setcifsacl.c
+++ b/setcifsacl.c
@@ -396,30 +396,30 @@ build_fetched_aces_ret:
 static int
 verify_ace_sid(char *sidstr, struct cifs_sid *sid)
 {
-       int rc, i;
-       char *lstr;
-       struct passwd *winpswdptr;
-
-       lstr = strstr(sidstr, "\\"); /* everything before | */
-       if (lstr)
-               ++lstr;
-       else
-               lstr = sidstr;
-
-       /* Check if it is a (raw) SID (string) */
-       rc = wbcStringToSid(lstr, (struct wbcDomainSid *)sid);
-       if (!rc)
-               goto fix_endianness;
-
-       /* Check if it a name (string) which can be resolved to a SID*/
-       rc = wbcGetpwnam(lstr, &winpswdptr);
-       if (rc) {
-               printf("%s: Invalid user name: %s\n", __func__, sidstr);
-               return rc;
-       }
-       rc = wbcUidToSid(winpswdptr->pw_uid, (struct wbcDomainSid *)sid);
-       if (rc) {
-               printf("%s: Invalid user: %s\n", __func__, sidstr);
+       int i;
+       wbcErr rc;
+       char *name, *domain;
+       enum wbcSidType type;
+
+       name = strchr(sidstr, '\\');
+       if (!name) {
+               /* might be a raw string representation of SID */
+               rc = wbcStringToSid(sidstr, (struct wbcDomainSid *)sid);
+               if (WBC_ERROR_IS_OK(rc))
+                       goto fix_endianness;
+
+               domain = "";
+               name = sidstr;
+       } else {
+               domain = sidstr;
+               *name = '\0';
+               ++name;
+       }
+
+       rc = wbcLookupName(domain, name, (struct wbcDomainSid *)sid, &type);
+       if (!WBC_ERROR_IS_OK(rc)) {
+               printf("%s: Error converting %s\\%s to SID: %s\n",
+                       __func__, domain, name, wbcErrorString(rc));
                return rc;
        }