Author: jerry Date: 2005-09-23 15:23:16 +0000 (Fri, 23 Sep 2005) New Revision: 10454
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10454 Log: * prevent privilege code from storing an empty SID (and filter it out if one is already there) * Fix LUID value match in privilege_set_to_se_priv() (fix jmcd's bug report). Modified: branches/SAMBA_3_0/source/lib/privileges.c trunk/source/lib/privileges.c Changeset: Modified: branches/SAMBA_3_0/source/lib/privileges.c =================================================================== --- branches/SAMBA_3_0/source/lib/privileges.c 2005-09-23 15:08:17 UTC (rev 10453) +++ branches/SAMBA_3_0/source/lib/privileges.c 2005-09-23 15:23:16 UTC (rev 10454) @@ -286,6 +286,11 @@ if ( !tdb ) return False; + if ( !sid || (sid->num_auths == 0) ) { + DEBUG(0,("set_privileges: Refusing to store empty SID!\n")); + return False; + } + /* PRIV_<SID> (NULL terminated) as the key */ fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); @@ -498,6 +503,12 @@ fstrcpy( sid_string, &key.dptr[strlen(PRIVPREFIX)] ); + /* this is a last ditch safety check to preventing returning + and invalid SID (i've somehow run into this on development branches) */ + + if ( strcmp( "S-0-0", sid_string ) == 0 ) + return 0; + if ( !string_to_sid(&sid, sid_string) ) { DEBUG(0,("travsersal_fn_enum__acct: Could not convert SID [%s]\n", sid_string)); @@ -812,11 +823,28 @@ /******************************************************************* *******************************************************************/ -BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) +static BOOL luid_to_se_priv( LUID *luid, SE_PRIV *mask ) { int i; uint32 num_privs = count_all_privileges(); + for ( i=0; i<num_privs; i++ ) { + if ( luid->low == privs[i].luid.low ) { + se_priv_copy( mask, &privs[i].se_priv ); + return True; + } + } + + return False; +} + +/******************************************************************* +*******************************************************************/ + +BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) +{ + int i; + ZERO_STRUCTP( mask ); for ( i=0; i<privset->count; i++ ) { @@ -828,12 +856,8 @@ if ( privset->set[i].luid.high != 0 ) return False; - /* make sure :LUID.low is in range */ - if ( privset->set[i].luid.low == 0 || privset->set[i].luid.low > num_privs ) - return False; - - r = privs[privset->set[i].luid.low - 1].se_priv; - se_priv_add( mask, &r ); + if ( luid_to_se_priv( &privset->set[i].luid, &r ) ) + se_priv_add( mask, &r ); } return True; Modified: trunk/source/lib/privileges.c =================================================================== --- trunk/source/lib/privileges.c 2005-09-23 15:08:17 UTC (rev 10453) +++ trunk/source/lib/privileges.c 2005-09-23 15:23:16 UTC (rev 10454) @@ -286,6 +286,11 @@ if ( !tdb ) return False; + if ( !sid || (sid->num_auths == 0) ) { + DEBUG(0,("set_privileges: Refusing to store empty SID!\n")); + return False; + } + /* PRIV_<SID> (NULL terminated) as the key */ fstr_sprintf( keystr, "%s%s", PRIVPREFIX, sid_string_static(sid) ); @@ -498,6 +503,12 @@ fstrcpy( sid_string, &key.dptr[strlen(PRIVPREFIX)] ); + /* this is a last ditch safety check to preventing returning + and invalid SID (i've somehow run into this on development branches) */ + + if ( strcmp( "S-0-0", sid_string ) == 0 ) + return 0; + if ( !string_to_sid(&sid, sid_string) ) { DEBUG(0,("travsersal_fn_enum__acct: Could not convert SID [%s]\n", sid_string)); @@ -812,11 +823,28 @@ /******************************************************************* *******************************************************************/ -BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) +static BOOL luid_to_se_priv( LUID *luid, SE_PRIV *mask ) { int i; uint32 num_privs = count_all_privileges(); + for ( i=0; i<num_privs; i++ ) { + if ( luid->low == privs[i].luid.low ) { + se_priv_copy( mask, &privs[i].se_priv ); + return True; + } + } + + return False; +} + +/******************************************************************* +*******************************************************************/ + +BOOL privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset ) +{ + int i; + ZERO_STRUCTP( mask ); for ( i=0; i<privset->count; i++ ) { @@ -828,12 +856,8 @@ if ( privset->set[i].luid.high != 0 ) return False; - /* make sure :LUID.low is in range */ - if ( privset->set[i].luid.low == 0 || privset->set[i].luid.low > num_privs ) - return False; - - r = privs[privset->set[i].luid.low - 1].se_priv; - se_priv_add( mask, &r ); + if ( luid_to_se_priv( &privset->set[i].luid, &r ) ) + se_priv_add( mask, &r ); } return True;
