Check the return value of string_to_sid in a few more places. (But
authorAndrew Bartlett <abartlet@samba.org>
Fri, 26 Dec 2003 03:14:31 +0000 (03:14 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 26 Dec 2003 03:14:31 +0000 (03:14 +0000)
string_to_sid also needs to be less permissive on what it thinks are
valid sids...)

Andrew Bartlett
(This used to be commit 9080c30de8aa96ed3b9b121ca111f1632572754e)

source3/passdb/pdb_ldap.c

index a1ac042410758f81df144d030d4e52ef02d2b6f2..1f44f5ab605771e9c8cfd8a4d4b389ee142ba885 100644 (file)
@@ -1693,7 +1693,11 @@ static BOOL init_group_from_ldap(struct ldapsam_privates *ldap_state,
                        get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_SID)));
                return False;
        }
-       string_to_sid(&map->sid, temp);
+       
+       if (!string_to_sid(&map->sid, temp)) {
+               DEBUG(1, ("SID string [%s] could not be read as a valid SID\n", temp));
+               return False;
+       }
 
        if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, 
                        get_attr_key2string( groupmap_attr_list, LDAP_ATTR_GROUP_TYPE), temp)) {
@@ -1749,6 +1753,7 @@ static BOOL init_ldap_from_group(LDAP *ldap_struct,
        *mods = NULL;
 
        sid_to_string(tmp, &map->sid);
+
        smbldap_make_mod(ldap_struct, existing, mods, 
                get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GROUP_SID), tmp);
        pstr_sprintf(tmp, "%i", map->sid_name_use);
@@ -2362,7 +2367,10 @@ and will risk BDCs having inconsistant SIDs\n"));
                                 get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), 
                                 domain_sid_string)) {
                BOOL found_sid;
-               string_to_sid(&ldap_domain_sid, domain_sid_string);
+               if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) {
+                       DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be read as a valid SID\n", domain_sid_string));
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
                found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, &secrets_domain_sid);
                if (!found_sid || !sid_equal(&secrets_domain_sid, &ldap_domain_sid)) {
                        /* reset secrets.tdb sid */