The branch, master has been updated
       via  dff03b6... s3: Make string_to_sid a wrapper around dom_sid_parse
       via  397a6fa... s3: Add a little torture test for dom_sid_parse
       via  1fbeae4... libcli/security: Prohibit SID formats like S-1-5-32-+545
       via  f1c889a... libcli/security: Fix a valgrind error in dom_sid_parse
       via  7fe66e0... libcli/security: Convert some strtol calls to strtoul
       via  7c68766... libcli/security: Remove a call to strncasecmp
      from  a771c18... libreplace: Fix a C++ warning

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit dff03b61fd5d923562711b38cc7dbe996dc07283
Author: Volker Lendecke <v...@samba.org>
Date:   Sat Jan 23 15:24:20 2010 +0100

    s3: Make string_to_sid a wrapper around dom_sid_parse

commit 397a6faed9061a6b814cc173cfe4056947ad88aa
Author: Volker Lendecke <v...@samba.org>
Date:   Sat Jan 23 14:55:11 2010 +0100

    s3: Add a little torture test for dom_sid_parse

commit 1fbeae41655b8305834f2149b1268077eba8633d
Author: Volker Lendecke <v...@samba.org>
Date:   Sat Jan 23 14:53:54 2010 +0100

    libcli/security: Prohibit SID formats like S-1-5-32-+545

commit f1c889a4e61d6d751cbabd8014b4345b8051b97c
Author: Volker Lendecke <v...@samba.org>
Date:   Sat Jan 23 13:53:48 2010 +0100

    libcli/security: Fix a valgrind error in dom_sid_parse

commit 7fe66e06c4df575c410d4d70ff38f120c2f4363b
Author: Volker Lendecke <v...@samba.org>
Date:   Sat Jan 23 13:50:59 2010 +0100

    libcli/security: Convert some strtol calls to strtoul
    
    This tightens the dom_sid_parse syntax check a bit: "--" would have been
    allowed in a SID string.

commit 7c687665eaf16b0c6f83c130f6d9e5459e0b2a32
Author: Volker Lendecke <v...@samba.org>
Date:   Sat Jan 23 13:48:49 2010 +0100

    libcli/security: Remove a call to strncasecmp

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/dom_sid.c                  |   27 ++++++++++---
 source3/lib/util_sid.c                     |   57 +++------------------------
 source3/script/tests/test_smbtorture_s3.sh |    1 +
 source3/torture/torture.c                  |   18 +++++++++
 4 files changed, 46 insertions(+), 57 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 0c88900..8a2ed1f 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -85,28 +85,32 @@ bool dom_sid_equal(const struct dom_sid *sid1, const struct 
dom_sid *sid2)
        return dom_sid_compare(sid1, sid2) == 0;
 }
 
-/* Yes, I did think about multibyte issues here, and for all I can see there's
- * none of those for parsing a SID. */
-#undef strncasecmp
-
 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
 {
        uint_t rev, ia, num_sub_auths, i;
        char *p;
 
-       if (strncasecmp(sidstr, "S-", 2)) {
+       if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') {
                return false;
        }
 
        sidstr += 2;
 
-       rev = strtol(sidstr, &p, 10);
+       if (!isdigit(sidstr[0])) {
+               return false;
+       }
+
+       rev = strtoul(sidstr, &p, 10);
        if (*p != '-') {
                return false;
        }
        sidstr = p+1;
 
-       ia = strtol(sidstr, &p, 10);
+       if (!isdigit(sidstr[0])) {
+               return false;
+       }
+
+       ia = strtoul(sidstr, &p, 10);
        if (p == sidstr) {
                return false;
        }
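Review bot: The new `isdigit(sidstr[0])` guards pass a plain `char`, which is undefined behaviour for negative values on platforms where `char` is signed, so a SID string containing a byte above 0x7f reaches `isdigit` with an out-of-range argument. Cast first: `if (!isdigit((unsigned char)sidstr[0])) {`. The same applies to the guard added inside the sub-authority loop in the third hunk of this file. Separately, `ia = strtoul(sidstr, &p, 10);` stores an `unsigned long` in a `uint_t` with no range or `ERANGE` check, so an oversized identifier authority is presumably narrowed rather than rejected. The body of dom_sid_parse continues outside this hunk.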
@@ -117,6 +121,10 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
                if (sidstr[i] == '-') num_sub_auths++;
        }
 
+       if (num_sub_auths > ARRAY_SIZE(ret->sub_auths)) {
+               return false;
+       }
+
        ret->sid_rev_num = rev;
        ret->id_auth[0] = 0;
        ret->id_auth[1] = 0;
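Review bot: `ret->sid_rev_num = rev;` still narrows whatever `strtoul` returned, with no upper bound on `rev`. The removed string_to_sid code casts this field with `(uint8)`, which suggests it is 8 bits wide, so a revision such as 257 would presumably be stored as 1 instead of being rejected. Next to the new `num_sub_auths` check I would add `if (rev > UINT8_MAX) { return false; }`. A short comment on the new check, e.g. `/* sub_auths[] is fixed-size; reject before the loop below writes into it */`, would also record why it must precede the writes. The counting loop and the rest of the function are outside this hunk.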
@@ -131,6 +139,11 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
                        return false;
                }
                sidstr++;
+
+               if (!isdigit(sidstr[0])) {
+                       return false;
+               }
+
                ret->sub_auths[i] = strtoul(sidstr, &p, 10);
                if (p == sidstr) {
                        return false;
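Review bot: `ret->sub_auths[i] = strtoul(sidstr, &p, 10);` assigns an `unsigned long` straight into the array with no range or `ERANGE` check. If the elements are 32-bit (not shown in this hunk), then on a platform with 64-bit `unsigned long` a sub-authority above 4294967295 would be truncated, letting two different strings parse to the same SID. For an identifier used in access decisions it is safer to reject: `unsigned long v = strtoul(sidstr, &p, 10);` followed by `if (v > UINT32_MAX) { return false; }` before the store. The loop starts and ends outside this hunk.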
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 20c2663..ea66dbf 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -23,6 +23,7 @@
 */
 
 #include "includes.h"
+#include "libcli/security/dom_sid.h"
 
 /*
  * Some useful sids, more well known sids can be found at
@@ -217,58 +218,14 @@ char *sid_string_tos(const DOM_SID *sid)
  Convert a string to a SID. Returns True on success, False on fail.
 *****************************************************************/  
 
-bool string_to_sid(DOM_SID *sidout, const char *sidstr)
+bool string_to_sid(struct dom_sid *sidout, const char *sidstr)
 {
-       const char *p;
-       char *q;
-       /* BIG NOTE: this function only does SIDS where the identauth is not >= 
2^32 */
-       uint32 conv;
-
-       if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') {
-               DEBUG(3,("string_to_sid: Sid %s does not start with 'S-'.\n", 
sidstr));
-               return False;
+       if (!dom_sid_parse(sidstr, sidout)) {
+               DEBUG(3, ("string_to_sid: Sid %s is not in a valid format.\n",
+                         sidstr));
+               return false;
        }
-
-       ZERO_STRUCTP(sidout);
-
-       /* Get the revision number. */
-       p = sidstr + 2;
-       conv = (uint32) strtoul(p, &q, 10);
-       if (!q || (*q != '-')) {
-               DEBUG(3,("string_to_sid: Sid %s is not in a valid format.\n", 
sidstr));
-               return False;
-       }
-       sidout->sid_rev_num = (uint8) conv;
-       q++;
-
-       /* get identauth */
-       conv = (uint32) strtoul(q, &q, 10);
-       if (!q || (*q != '-')) {
-               DEBUG(0,("string_to_sid: Sid %s is not in a valid format.\n", 
sidstr));
-               return False;
-       }
-       /* identauth in decimal should be <  2^32 */
-       /* NOTE - the conv value is in big-endian format. */
-       sidout->id_auth[0] = 0;
-       sidout->id_auth[1] = 0;
-       sidout->id_auth[2] = (conv & 0xff000000) >> 24;
-       sidout->id_auth[3] = (conv & 0x00ff0000) >> 16;
-       sidout->id_auth[4] = (conv & 0x0000ff00) >> 8;
-       sidout->id_auth[5] = (conv & 0x000000ff);
-
-       q++;
-       sidout->num_auths = 0;
-
-       for(conv = (uint32) strtoul(q, &q, 10);
-           q && (*q =='-' || *q =='\0') && (sidout->num_auths < MAXSUBAUTHS);
-           conv = (uint32) strtoul(q, &q, 10)) {
-               sid_append_rid(sidout, conv);
-               if (*q == '\0')
-                       break;
-               q++;
-       }
-
-       return True;
+       return true;
 }
 
 /*****************************************************************
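Review bot: A failed parse can now leave `*sidout` partially written, whereas the removed body called `ZERO_STRUCTP(sidout)` before filling any field. The dom_sid.c hunks on this page show dom_sid_parse assigning `sid_rev_num` and `id_auth` before the sub-authority loop, which can still `return false`. A caller that ignores the return value or reuses the struct would then see a half-filled SID. Consider adding `ZERO_STRUCTP(sidout);` in the failure branch before `return false;`, and extend the header comment to state what `sidout` contains on failure.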
diff --git a/source3/script/tests/test_smbtorture_s3.sh 
b/source3/script/tests/test_smbtorture_s3.sh
index 774ca94..1cbfc23 100755
--- a/source3/script/tests/test_smbtorture_s3.sh
+++ b/source3/script/tests/test_smbtorture_s3.sh
@@ -33,6 +33,7 @@ tests="$tests OPEN XCOPY RENAME DELETE PROPERTIES W2K"
 tests="$tests TCON2 IOCTL CHKPATH FDSESS LOCAL-SUBSTITUTE CHAIN1"
 tests="$tests GETADDRINFO POSIX UID-REGRESSION-TEST SHORTNAME-TEST"
 tests="$tests LOCAL-BASE64 LOCAL-GENCACHE POSIX-APPEND"
+tests="$tests LOCAL-dom_sid_parse"
 
 skipped1="RANDOMIPC NEGNOWAIT NBENCH ERRMAPEXTRACT TRANS2SCAN NTTRANSSCAN"
 skipped2="DENY1 DENY2 OPENATTR CASETABLE EATEST"
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index c7a69ae..758bb60 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -21,6 +21,7 @@
 #include "includes.h"
 #include "nsswitch/libwbclient/wbc_async.h"
 #include "torture/proto.h"
+#include "libcli/security/dom_sid.h"
 
 extern char *optarg;
 extern int optind;
@@ -6670,6 +6671,22 @@ static bool run_local_talloc_dict(int dummy)
        return true;
 }
 
+static bool run_local_dom_sid_parse(int dummy) {
+       struct dom_sid sid;
+
+       if (dom_sid_parse("S--1-5-32-545", &sid)) {
+               return false;
+       }
+       if (dom_sid_parse("S-1-5-32-+545", &sid)) {
+               return false;
+       }
+       if (dom_sid_parse("S-1-2-3-4-5-6-7-8-9-0-1-2-3-4-5-6-7-8-9-0", &sid)) {
+               return false;
+       }
+
+       return true;
+}
+
 /* Split a path name into filename and stream name components. Canonicalise
  * such that an implicit $DATA token is always explicit.
  *
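Review bot: `run_local_dom_sid_parse` has only negative cases, so a parser that rejected every input would still pass. Add at least one positive case that checks the parsed fields, e.g. `if (!dom_sid_parse("S-1-5-32-545", &sid)) { return false; }` followed by `if (sid.num_auths != 2 || sid.sub_auths[1] != 545) { return false; }`. It would also help to cover a string with exactly the maximum number of sub-authorities (accepted) and one more (rejected), since the 20-element string here sits well past the new `ARRAY_SIZE` bound. Inputs with an out-of-range revision or sub-authority value, and with a non-ASCII byte, would pin the remaining edge cases.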
@@ -7228,6 +7245,7 @@ static struct {
        { "LOCAL-MEMCACHE", run_local_memcache, 0},
        { "LOCAL-STREAM-NAME", run_local_stream_name, 0},
        { "LOCAL-WBCLIENT", run_local_wbclient, 0},
+       { "LOCAL-dom_sid_parse", run_local_dom_sid_parse, 0},
        {NULL, NULL, 0}};
 
 


-- 
Samba Shared Repository
