Revert "libsmb: Use sid_parse()"
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Mon, 3 May 2021 03:48:43 +0000 (15:48 +1200)
committerJeremy Allison <jra@samba.org>
Wed, 19 May 2021 01:32:34 +0000 (01:32 +0000)
This reverts commit afd5d34f5e1d13ba88448b3b94d353aa8361d1a9.

This code originally used ndr_pull_struct_blob() to pull one SID from a
buffer potentially containing multiple SIDs. When this was changed to
use sid_parse(), it was now attempting to parse the whole buffer as a
single SID with ndr_pull_struct_blob_all(), which would cause it to fail
if more than one SID was present.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
source3/libsmb/clifsinfo.c

index bcfe406e07b2bc5225323d38e44153d92b997b9d..a9b3b03abb698f69c1380c1cbef1d552091e749f 100644 (file)
@@ -29,7 +29,6 @@
 #include "../libcli/smb/smbXcli_base.h"
 #include "auth/credentials/credentials.h"
 #include "../librpc/gen_ndr/ndr_security.h"
-#include "libcli/security/dom_sid.h"
 
 /****************************************************************************
  Get UNIX extensions version info.
@@ -686,9 +685,23 @@ static void cli_posix_whoami_done(struct tevent_req *subreq)
        num_rdata -= (p - rdata);
 
        for (i = 0; i < state->num_sids; i++) {
-               ssize_t sid_size = sid_parse(p, num_rdata, &state->sids[i]);
+               size_t sid_size;
+               DATA_BLOB in = data_blob_const(p, num_rdata);
+               enum ndr_err_code ndr_err;
 
-               if ((sid_size == -1) || (sid_size > num_rdata)) {
+               ndr_err = ndr_pull_struct_blob(&in,
+                               state,
+                               &state->sids[i],
+                               (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+               if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+                       tevent_req_nterror(req,
+                               NT_STATUS_INVALID_NETWORK_RESPONSE);
+                       return;
+               }
+
+               sid_size = ndr_size_dom_sid(&state->sids[i], 0);
+
+               if (sid_size > num_rdata) {
                        tevent_req_nterror(req,
                                NT_STATUS_INVALID_NETWORK_RESPONSE);
                        return;
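Review bot: The loop `for (i = 0; i < state->num_sids; i++)` carries no comment explaining why it pulls with ndr_pull_struct_blob() rather than sid_parse(), and that gap is what invited the cleanup this commit reverts. Since rdata is server-supplied and, per the commit message, may hold several SIDs in one buffer, I would add above the pull: `/* rdata may hold several SIDs: pull exactly one and leave the rest. sid_parse() insists on consuming the whole blob, so it fails when more than one SID is present. */`. The `sid_size > num_rdata` test looks unreachable after a successful pull bounded by `in.length`, but it is cheap and worth keeping as a guard. The statements that advance `p` and shrink `num_rdata`, and the end of the loop, lie outside the hunk. A test feeding a whoami reply with more than one SID would keep this from regressing again.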