From: Volker Lendecke Date: Fri, 8 Oct 2021 09:34:23 +0000 (+0200) Subject: smbd: Make SID_SAMBA_SMB3 a static SID X-Git-Tag: ldb-2.5.0~529 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2256c99a6591092937b9395e39c2a7f461db42e;p=thirdparty%2Fsamba.git smbd: Make SID_SAMBA_SMB3 a static SID No need to parse it Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison --- diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index 678b2e21ba6..568916a159d 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -64,6 +64,7 @@ extern const struct dom_sid global_sid_Unix_NFS_Users; extern const struct dom_sid global_sid_Unix_NFS_Groups; extern const struct dom_sid global_sid_Unix_NFS_Mode; extern const struct dom_sid global_sid_Unix_NFS_Other; +extern const struct dom_sid global_sid_Samba_SMB3; enum lsa_SidType; diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c index 634628f04d9..15dc50339d1 100644 --- a/libcli/security/util_sid.c +++ b/libcli/security/util_sid.c @@ -158,6 +158,10 @@ const struct dom_sid global_sid_Unix_NFS_Other = /* Unix other, MS NFS and Appl { 1, 2, {0,0,0,0,0,5}, {88,4,0,0,0,0,0,0,0,0,0,0,0,0,0}}; #endif +/* Information passing via security token */ +const struct dom_sid global_sid_Samba_SMB3 = +{1, 1, {0,0,0,0,0,22}, {1397571891, }}; + /* Unused, left here for documentary purposes */ #if 0 #define SECURITY_NULL_SID_AUTHORITY 0 diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 3df96dedbdd..9845becd826 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -282,9 +282,6 @@ interface security const string SID_SAMBA_UNIX_USER_OWNER = "S-1-22-1"; const string SID_SAMBA_UNIX_GROUP_OWNER = "S-1-22-2"; - /* Information passing via security token */ - const string SID_SAMBA_SMB3 = "S-1-22-1397571891"; - /* SECURITY_NT_SERVICE */ const string NAME_NT_SERVICE = "NT SERVICE"; diff --git a/librpc/rpc/dcerpc_helper.c b/librpc/rpc/dcerpc_helper.c index c5443764628..f53523b23ea 100644 --- a/librpc/rpc/dcerpc_helper.c +++ b/librpc/rpc/dcerpc_helper.c @@ -70,7 +70,7 @@ static bool smb3_sid_parse(const struct dom_sid *sid, bool dcerpc_is_transport_encrypted(struct auth_session_info *session_info) { struct security_token *token = session_info->security_token; - struct dom_sid smb3_dom_sid; + struct dom_sid smb3_dom_sid = global_sid_Samba_SMB3; const struct dom_sid *smb3_sid = NULL; uint16_t dialect = 0; uint16_t encrypt = 0; @@ -78,11 +78,6 @@ bool dcerpc_is_transport_encrypted(struct auth_session_info *session_info) uint32_t i; bool ok; - ok = dom_sid_parse(SID_SAMBA_SMB3, &smb3_dom_sid); - if (!ok) { - return false; - } - for (i = 0; i < token->num_sids; i++) { int cmp; diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index 76d5348d8d3..5dc7ba8cd35 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -77,7 +77,7 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name, uint16_t dialect = xconn->smb2.server.dialect; uint16_t srv_smb_encrypt = DCERPC_SMB_ENCRYPTION_REQUIRED; uint16_t cipher = xconn->smb2.server.cipher; - struct dom_sid smb3_sid; + struct dom_sid smb3_sid = global_sid_Samba_SMB3; uint32_t i; bool ok; @@ -89,12 +89,6 @@ NTSTATUS open_np_file(struct smb_request *smb_req, const char *name, } security_token = session_info->security_token; - ok = dom_sid_parse(SID_SAMBA_SMB3, &smb3_sid); - if (!ok) { - file_free(smb_req, fsp); - return NT_STATUS_BUFFER_TOO_SMALL; - } - /* * Security check: *