setcifsacl: fix endianness on SIDs provided by winbind routines

Winbind keeps SID fields in host-endian format, but setcifsacl doesn't
currently account for that. Make sure that when we get a valid SID
from wbc that we convert the subauth fields to little-endian, which
the server will expect. The other fields are single bytes and don't
need conversion.

Signed-off-by: Jeff Layton <jlayton@samba.org>

diff --git a/setcifsacl.c b/setcifsacl.c
index 4c09345647057c47cfcd23897ae78cd94144ccdc..612796bfd212a7659c5110294323e3045d03843c 100644 (file)
--- a/setcifsacl.c
+++ b/setcifsacl.c
@@ -396,7 +396,7 @@ build_fetched_aces_ret:
 static int
 verify_ace_sid(char *sidstr, struct cifs_sid *sid)
 {
 static int
 verify_ace_sid(char *sidstr, struct cifs_sid *sid)
 {

-       int rc;
+       int rc, i;

        char *lstr;
        struct passwd *winpswdptr;
 
        char *lstr;
        struct passwd *winpswdptr;
 


@@ -409,7 +409,7 @@ verify_ace_sid(char *sidstr, struct cifs_sid *sid)
        /* Check if it is a (raw) SID (string) */
        rc = wbcStringToSid(lstr, (struct wbcDomainSid *)sid);
        if (!rc)
        /* Check if it is a (raw) SID (string) */
        rc = wbcStringToSid(lstr, (struct wbcDomainSid *)sid);
        if (!rc)

-               return rc;
+               goto fix_endianness;

 
        /* Check if it a name (string) which can be resolved to a SID*/
        rc = wbcGetpwnam(lstr, &winpswdptr);
 
        /* Check if it a name (string) which can be resolved to a SID*/
        rc = wbcGetpwnam(lstr, &winpswdptr);


@@ -423,6 +423,13 @@ verify_ace_sid(char *sidstr, struct cifs_sid *sid)
                return rc;
        }
 
                return rc;
        }
 

+fix_endianness:
+       /*
+        * Winbind keeps wbcDomainSid fields in host-endian. So, we must
+        * convert that to little endian since the server will expect that.
+        */
+       for (i = 0; i < sid->num_subauth; i++)
+               sid->sub_auth[i] = htole32(sid->sub_auth[i]);

        return 0;
 }
 
        return 0;
 }