From: Garming Sam <garming@catalyst.net.nz>
Date: Fri, 10 Mar 2017 01:25:21 +0000 (+1300)
Subject: getncchanges: generalize samdb_result_sid_array_ndr a little
X-Git-Tag: tdb-1.3.13~480
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9d570d5a3a684138bea271a750f0e7540e51bea;p=thirdparty%2Fsamba.git

getncchanges: generalize samdb_result_sid_array_ndr a little

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 1038a87ff24..4ea4b01e365 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -1128,18 +1128,19 @@ static WERROR samdb_result_sid_array_dn(struct ldb_context *sam_ctx,
 
 
 /*
-  return an array of SIDs from a ldb_message given an attribute name
-  assumes the SIDs are in NDR form (with an additional sid at the end)
+ * Return an array of SIDs from a ldb_message given an attribute name assumes
+ * the SIDs are in NDR form (with additional sids applied on the end).
  */
 static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
 					 struct ldb_message *msg,
 					 TALLOC_CTX *mem_ctx,
 					 const char *attr,
 					 const struct dom_sid ***sids,
-					 const struct dom_sid *user_sid)
+					 const struct dom_sid **additional_sids,
+					 unsigned int num_additional)
 {
 	struct ldb_message_element *el;
-	unsigned int i;
+	unsigned int i, j;
 
 	el = ldb_msg_find_element(msg, attr);
 	if (!el) {
@@ -1148,7 +1149,8 @@ static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
 	}
 
 	/* Make array long enough for NULL and additional SID */
-	(*sids) = talloc_array(mem_ctx, const struct dom_sid *, el->num_values + 2);
+	(*sids) = talloc_array(mem_ctx, const struct dom_sid *,
+			       el->num_values + num_additional + 1);
 	W_ERROR_HAVE_NO_MEMORY(*sids);
 
 	for (i=0; i<el->num_values; i++) {
@@ -1165,8 +1167,12 @@ static WERROR samdb_result_sid_array_ndr(struct ldb_context *sam_ctx,
 		}
 		(*sids)[i] = sid;
 	}
-	(*sids)[i] = user_sid;
-	(*sids)[i+1] = NULL;
+
+	for (j = 0; j < num_additional; j++) {
+		(*sids)[i++] = additional_sids[j];
+	}
+
+	(*sids)[i] = NULL;
 
 	return WERR_OK;
 }
@@ -1210,6 +1216,7 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 	const struct dom_sid **never_reveal_sids, **reveal_sids, **token_sids;
 	const struct dom_sid *object_sid = NULL;
 	WERROR werr;
+	const struct dom_sid *additional_sids[] = { NULL, NULL };
 
 	DEBUG(3,(__location__ ": DRSUAPI_EXOP_REPL_SECRET extended op on %s\n",
 		 drs_ObjectIdentifier_to_string(mem_ctx, ncRoot)));
@@ -1298,6 +1305,8 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 		goto allowed;
 	}
 
+	additional_sids[0] = object_sid;
+
 	/*
 	 * Must be an RODC account at this point, verify machine DN matches the
 	 * SID account
@@ -1344,7 +1353,8 @@ static WERROR getncchanges_repl_secret(struct drsuapi_bind_state *b_state,
 	 * TODO determine if sIDHistory is required for this check
 	 */
 	werr = samdb_result_sid_array_ndr(b_state->sam_ctx_system, obj_res->msgs[0],
-					 mem_ctx, "tokenGroups", &token_sids, object_sid);
+					  mem_ctx, "tokenGroups", &token_sids,
+					  additional_sids, 1);
 	if (!W_ERROR_IS_OK(werr) || token_sids==NULL) {
 		goto denied;
 	}