From be5fd9a3a1b91dbd41e2bd0b025e3d3ffb598463 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall
Date: Thu, 18 Apr 2024 00:38:17 +1200
Subject: [PATCH] ldb-samba: simplify ldif_comparison_objectSid()

The ldif_comparision_objectSid_isString() call is both wrong (disallowing "s-") and redundant, because ldif_read_objectSid() calls dom_sid_parse(), which does the check properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
---
lib/ldb-samba/ldif_handlers.c | 41 ++++++++++++++---------------------
1 file changed, 16 insertions(+), 25 deletions(-)

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index a85e6ff3fb9..c9b4a910894 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -157,40 +157,31 @@ bool ldif_comparision_objectSid_isString(const struct ldb_val *v) static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *v1, const struct ldb_val *v2) { - bool v1_is_string = ldif_comparision_objectSid_isString(v1); - bool v2_is_string = ldif_comparision_objectSid_isString(v2); - struct ldb_val parsed_1 = {}; - struct ldb_val parsed_2 = {}; + struct ldb_val parsed_1 = {.data = NULL}; + struct ldb_val parsed_2 = {.data = NULL}; int ret; /* * If the ldb_vals look like SID strings (i.e. start with "S-" - * or "s-"), we try to parse them as such. If that fails, we - * assume they are binary SIDs, even though that's not really - * possible -- the first two bytes of a struct dom_sid are the - * version (1), and the number of sub-auths (<= 15), neither - * of which are close to 'S' or '-'. + * or "s-"), we treat them as strings. + * + * It is not really possible for a blob to be both a SID string and a + * SID struct -- the first two bytes of a struct dom_sid (including in + * NDR form) are the version (1), and the number of sub-auths (<= 15), + * neither of which are close to 'S' or '-'. */ - if (v1_is_string) { - int r = ldif_read_objectSid(ldb, mem_ctx, v1, &parsed_1); - if (r == 0) { - v1 = &parsed_1; - } + ret = ldif_read_objectSid(ldb, mem_ctx, v1, &parsed_1); + if (ret == 0) { + v1 = &parsed_1; } - if (v2_is_string) { - int r = ldif_read_objectSid(ldb, mem_ctx, v2, &parsed_2); - if (r == 0) { - v2 = &parsed_2; - } + ret = ldif_read_objectSid(ldb, mem_ctx, v2, &parsed_2); + if (ret == 0) { + v2 = &parsed_2; } ret = ldb_comparison_binary(ldb, mem_ctx, v1, v2); - if (v1_is_string) { - TALLOC_FREE(parsed_1.data); - } - if (v2_is_string) { - TALLOC_FREE(parsed_2.data); - } + TALLOC_FREE(parsed_1.data); + TALLOC_FREE(parsed_2.data); return ret; } -- 2.47.3
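Review bot: The comment above the two `ldif_read_objectSid()` calls still describes a prefix test (`start with "S-" or "s-"`), but the new code performs no such test: each value goes to the parser unconditionally, and the binary fallback is chosen only by the return code. I would reword the first paragraph to something like `/* Try to parse each value as a SID string; if that fails for any reason, the original bytes are compared unchanged. */`. That wording also makes it explicit that any non-zero return is treated as "not a string", which presumably includes a parse that failed for lack of memory. If one value parses and the other does not, an NDR blob is compared byte-wise against raw input, so the comment should say that this mixed case is intended. The unconditional `TALLOC_FREE(parsed_1.data)` and `TALLOC_FREE(parsed_2.data)` rely on `ldif_read_objectSid()` leaving `out->data` either NULL or a live talloc pointer on every failure path. That function is outside this hunk, so confirm this and note the dependency next to the frees.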