libcli/security: simplify sddl_encode_sid()

We should walk the sid_codes array just once.
This makes further changes easier...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 20d5553ad43269dc56543d52e857c675e90c734d..85feae305e142b24cd2dbc2009dcceba9a9d3bef 100644 (file)
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -556,35 +556,39 @@ failed:
 static char *sddl_encode_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
                             struct sddl_transition_state *state)
 {
+       bool in_domain = dom_sid_in_domain(state->domain_sid, sid);
+       struct dom_sid_buf buf;
+       const char *sidstr = dom_sid_str_buf(sid, &buf);
+       uint32_t rid = 0;
        size_t i;
-       char *sidstr;
 
-       sidstr = dom_sid_string(mem_ctx, sid);
-       if (sidstr == NULL) return NULL;
+       if (sid->num_auths > 1) {
+               rid = sid->sub_auths[sid->num_auths-1];
+       }
+
+       for (i=0;i<ARRAY_SIZE(sid_codes);i++) {
+               /* seen if its a well known sid */
+               if (sid_codes[i].sid != NULL) {
+                       int cmp;
+
+                       cmp = strcmp(sidstr, sid_codes[i].sid);
+                       if (cmp != 0) {
+                               continue;
+                       }
 
-       /* seen if its a well known sid */
-       for (i=0;sid_codes[i].sid;i++) {
-               if (strcmp(sidstr, sid_codes[i].sid) == 0) {
-                       talloc_free(sidstr);
                        return talloc_strdup(mem_ctx, sid_codes[i].code);
                }
-       }
 
-       /* or a well known rid in our domain */
-       if (dom_sid_in_domain(state->domain_sid, sid)) {
-               uint32_t rid = sid->sub_auths[sid->num_auths-1];
-               for (;i<ARRAY_SIZE(sid_codes);i++) {
-                       if (rid == sid_codes[i].rid) {
-                               talloc_free(sidstr);
-                               return talloc_strdup(mem_ctx, sid_codes[i].code);
-                       }
+               if (rid == 0) {
+                       continue;
                }
-       }
 
-       talloc_free(sidstr);
+               if (in_domain && sid_codes[i].rid == rid) {
+                       return talloc_strdup(mem_ctx, sid_codes[i].code);
+               }
+       }
 
-       /* TODO: encode well known sids as two letter codes */
-       return dom_sid_string(mem_ctx, sid);
+       return talloc_strdup(mem_ctx, sidstr);
 }