auth4: Use dom_sid_str_buf
authorVolker Lendecke <vl@samba.org>
Sun, 16 Dec 2018 16:11:55 +0000 (17:11 +0100)
committerJeremy Allison <jra@samba.org>
Tue, 8 Jan 2019 02:40:28 +0000 (03:40 +0100)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/auth/sam.c
source4/auth/session.c
source4/auth/unix_token.c

index 38c4a24..709e901 100644 (file)
@@ -350,7 +350,7 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
        char *filter = NULL;
        /* SIDs for the account and his primary group */
        struct dom_sid *account_sid;
-       const char *primary_group_string;
+       struct dom_sid_buf buf;
        const char *primary_group_dn;
        DATA_BLOB primary_group_blob;
        /* SID structures for the expanded group memberships */
@@ -404,13 +404,10 @@ _PUBLIC_ NTSTATUS authsam_make_user_info_dc(TALLOC_CTX *mem_ctx,
                return status;
        }
 
-       primary_group_string = dom_sid_string(tmp_ctx, &sids[PRIMARY_GROUP_SID_INDEX]);
-       if (primary_group_string == NULL) {
-               TALLOC_FREE(user_info_dc);
-               return NT_STATUS_NO_MEMORY;
-       }
-
-       primary_group_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", primary_group_string);
+       primary_group_dn = talloc_asprintf(
+               tmp_ctx,
+               "<SID=%s>",
+               dom_sid_str_buf(&sids[PRIMARY_GROUP_SID_INDEX], &buf));
        if (primary_group_dn == NULL) {
                TALLOC_FREE(user_info_dc);
                return NT_STATUS_NO_MEMORY;
@@ -755,8 +752,9 @@ NTSTATUS authsam_get_user_info_dc_principal(TALLOC_CTX *mem_ctx,
                                          "(&(objectSid=%s)(objectClass=domain))",
                                            ldap_encode_ndr_dom_sid(tmp_ctx, domain_sid));
                if (!domain_dn) {
+                       struct dom_sid_buf buf;
                        DEBUG(3, ("authsam_get_user_info_dc_principal: Failed to find domain with: SID %s\n",
-                                 dom_sid_string(tmp_ctx, domain_sid)));
+                                 dom_sid_str_buf(domain_sid, &buf)));
                        return NT_STATUS_NO_SUCH_USER;
                }
 
index e324ecf..3a8c40b 100644 (file)
@@ -178,19 +178,14 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 
                /* Search for each group in the token */
                for (i = 0; i < num_sids; i++) {
-                       char *sid_string;
+                       struct dom_sid_buf buf;
                        const char *sid_dn;
                        DATA_BLOB sid_blob;
 
-                       sid_string = dom_sid_string(tmp_ctx,
-                                                     &sids[i]);
-                       if (sid_string == NULL) {
-                               TALLOC_FREE(user_info_dc);
-                               return NT_STATUS_NO_MEMORY;
-                       }
-                       
-                       sid_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", sid_string);
-                       talloc_free(sid_string);
+                       sid_dn = talloc_asprintf(
+                               tmp_ctx,
+                               "<SID=%s>",
+                               dom_sid_str_buf(&sids[i], &buf));
                        if (sid_dn == NULL) {
                                TALLOC_FREE(user_info_dc);
                                return NT_STATUS_NO_MEMORY;
index fdfbb24..f3a93b6 100644 (file)
@@ -91,11 +91,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
        } else if (ids[0].xid.type == ID_TYPE_UID) {
                (*sec)->uid = ids[0].xid.id;
        } else {
-               char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
+               struct dom_sid_buf buf;
                DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID.  Conversion was returned as type %d, full token:\n",
-                         sid_str, (int)ids[0].xid.type));
+                         dom_sid_str_buf(ids[0].sid, &buf),
+                         (int)ids[0].xid.type));
                security_token_debug(DBGC_AUTH, 0, token);
-               talloc_free(sid_str);
                return NT_STATUS_INVALID_SID;
        }
 
@@ -105,11 +105,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
                (*sec)->groups[g] = ids[1].xid.id;
                g++;
        } else {
-               char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
+               struct dom_sid_buf buf;
                DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID.  Conversion was returned as type %d, full token:\n",
-                         sid_str, (int)ids[1].xid.type));
+                         dom_sid_str_buf(ids[1].sid, &buf),
+                         (int)ids[1].xid.type));
                security_token_debug(DBGC_AUTH, 0, token);
-               talloc_free(sid_str);
                return NT_STATUS_INVALID_SID;
        }
 
@@ -119,11 +119,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
                        (*sec)->groups[g] = ids[s].xid.id;
                        g++;
                } else {
-                       char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
+                       struct dom_sid_buf buf;
                        DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID.  Conversion was returned as type %d, full token:\n",
-                                 sid_str, (unsigned int)s, (int)ids[s].xid.type));
+                                 dom_sid_str_buf(ids[s].sid, &buf),
+                                 (unsigned int)s, (int)ids[s].xid.type));
                        security_token_debug(DBGC_AUTH, 0, token);
-                       talloc_free(sid_str);
                        return NT_STATUS_INVALID_SID;
                }
        }