From: Volker Lendecke Date: Tue, 18 Apr 2023 10:01:02 +0000 (+0200) Subject: smbd: Use security_token_count_flag_sids() in open_np_file() X-Git-Tag: talloc-2.4.1~719 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=244ee8ad75c2c968997dfdd5eeb9e9cb97a191fb;p=thirdparty%2Fsamba.git smbd: Use security_token_count_flag_sids() in open_np_file() Simpler logic in the caller Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher --- diff --git a/source3/smbd/smb2_pipes.c b/source3/smbd/smb2_pipes.c index b637ddf216a..8f8786752db 100644 --- a/source3/smbd/smb2_pipes.c +++ b/source3/smbd/smb2_pipes.c @@ -78,7 +78,7 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name, uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED; uint16_t cipher = xconn->smb2.server.cipher; struct dom_sid smb3_sid = global_sid_Samba_SMB3; - uint32_t i; + size_t num_smb3_sids; bool ok; session_info = copy_session_info(fsp, conn->session_info); @@ -94,17 +94,16 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name, * * Make sure we don't have a SMB3 SID in the security token! */ - for (i = 0; i < security_token->num_sids; i++) { - int cmp; - - cmp = dom_sid_compare_domain(&security_token->sids[i], - &smb3_sid); - if (cmp == 0) { - DBG_ERR("ERROR: An SMB3 SID has already been " - "detected in the security token!\n"); - file_free(smb_req, fsp); - return NT_STATUS_ACCESS_DENIED; - } + num_smb3_sids = security_token_count_flag_sids(security_token, + &smb3_sid, + 3, + NULL); + if (num_smb3_sids != 0) { + DBG_ERR("ERROR: %zu SMB3 SIDs have already been " + "detected in the security token!\n", + num_smb3_sids); + file_free(smb_req, fsp); + return NT_STATUS_ACCESS_DENIED; } ok = sid_append_rid(&smb3_sid, dialect);