smbd: Make SID_SAMBA_SMB3 a static SID

No need to parse it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 678b2e21ba6577a76fad552b34a2e1aead4ed43a..568916a159dc5f46d2435e52365a11d0dc74343c 100644 (file)
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -64,6 +64,7 @@ extern const struct dom_sid global_sid_Unix_NFS_Users;
 extern const struct dom_sid global_sid_Unix_NFS_Groups;
 extern const struct dom_sid global_sid_Unix_NFS_Mode;
 extern const struct dom_sid global_sid_Unix_NFS_Other;
+extern const struct dom_sid global_sid_Samba_SMB3;
 
 enum lsa_SidType;
 

diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 634628f04d92eed7c01bd5595f2eaa5d44533e3e..15dc50339d11637d8713d7f8e006d789724de9e8 100644 (file)
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -158,6 +158,10 @@ const struct dom_sid global_sid_Unix_NFS_Other =           /* Unix other, MS NFS and Appl
 { 1, 2, {0,0,0,0,0,5}, {88,4,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 #endif
 
+/* Information passing via security token */
+const struct dom_sid global_sid_Samba_SMB3 =
+{1, 1, {0,0,0,0,0,22}, {1397571891, }};
+
 /* Unused, left here for documentary purposes */
 #if 0
 #define SECURITY_NULL_SID_AUTHORITY    0

diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 3df96dedbdd0b005e4590109c5e448d19d3bc81e..9845becd826501304dba80d00edd9bbed8af95c2 100644 (file)
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -282,9 +282,6 @@ interface security
        const string SID_SAMBA_UNIX_USER_OWNER          = "S-1-22-1";
        const string SID_SAMBA_UNIX_GROUP_OWNER         = "S-1-22-2";
 
-       /* Information passing via security token */
-       const string SID_SAMBA_SMB3                     = "S-1-22-1397571891";
-
        /* SECURITY_NT_SERVICE */
        const string NAME_NT_SERVICE            = "NT SERVICE";
 

diff --git a/librpc/rpc/dcerpc_helper.c b/librpc/rpc/dcerpc_helper.c
index c5443764628baae45feb0158b1a8ca96d837bb8a..f53523b23ead198d50122f557ecf6441da087eac 100644 (file)
--- a/librpc/rpc/dcerpc_helper.c
+++ b/librpc/rpc/dcerpc_helper.c
@@ -70,7 +70,7 @@ static bool smb3_sid_parse(const struct dom_sid *sid,
 bool dcerpc_is_transport_encrypted(struct auth_session_info *session_info)
 {
        struct security_token *token = session_info->security_token;
-       struct dom_sid smb3_dom_sid;
+       struct dom_sid smb3_dom_sid = global_sid_Samba_SMB3;
        const struct dom_sid *smb3_sid = NULL;
        uint16_t dialect = 0;
        uint16_t encrypt = 0;
@@ -78,11 +78,6 @@ bool dcerpc_is_transport_encrypted(struct auth_session_info *session_info)
        uint32_t i;
        bool ok;
 
-       ok = dom_sid_parse(SID_SAMBA_SMB3, &smb3_dom_sid);
-       if (!ok) {
-               return false;
-       }
-
        for (i = 0; i < token->num_sids; i++) {
                int cmp;
 

diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index 76d5348d8d38e5dab7d119a3966204bee99500e6..5dc7ba8cd3512a0a7cd4b0f8425eed53df14aa2f 100644 (file)
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -77,7 +77,7 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
                uint16_t dialect = xconn->smb2.server.dialect;
                uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED;
                uint16_t cipher = xconn->smb2.server.cipher;
-               struct dom_sid smb3_sid;
+               struct dom_sid smb3_sid = global_sid_Samba_SMB3;
                uint32_t i;
                bool ok;
 
@@ -89,12 +89,6 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name,
                }
                security_token = session_info->security_token;
 
-               ok = dom_sid_parse(SID_SAMBA_SMB3, &smb3_sid);
-               if (!ok) {
-                       file_free(smb_req, fsp);
-                       return NT_STATUS_BUFFER_TOO_SMALL;
-               }
-
                /*
                 * Security check:
                 *