The Samba-Bugzilla – Attachment 879 Details for
Bug 2211
Incorrect parsing of security descriptor sent from Windows NT
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for parse_sec.c which fixes the mentioned problem
patch-parse_sec.c-vs-3.0.9.diff (text/plain), 4.40 KB, created by
Mrinal Kalakrishnan
on 2005-01-05 11:42:30 UTC
(
hide
)
Description:
Patch for parse_sec.c which fixes the mentioned problem
Filename:
MIME Type:
Creator:
Mrinal Kalakrishnan
Created:
2005-01-05 11:42:30 UTC
Size:
4.40 KB
patch
obsolete
>--- parse_sec.c 2004-11-16 08:33:24.000000000 +0530 >+++ parse_sec.new.c 2004-12-12 17:20:44.000000000 +0530 >@@ -53,6 +53,7 @@ > { > uint32 old_offset; > uint32 offset_ace_size; >+ uint32 ace_length; > > if (psa == NULL) > return False; >@@ -94,8 +95,18 @@ > return False; > } > >+ ace_length = prs_offset(ps) - old_offset; >+ > if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_ace_size, old_offset)) > return False; >+ >+ /* Now handle the fact that NT seems to send extra bytes for some well-known >+ * sids. We have to handle this while unmarshalling because then we dont have >+ * inconsistent security descriptor structures >+ */ >+ if(UNMARSHALLING(ps) && (ace_length != psa->size)) >+ psa->size = ace_length; >+ > return True; > } > >@@ -111,8 +123,10 @@ > unsigned int i; > uint32 old_offset; > uint32 offset_acl_size; >+ uint32 acl_parse_size = 0; > SEC_ACL *psa; > >+ > /* > * Note that the size is always a multiple of 4 bytes due to the > * nature of the data structure. Therefore the prs_align() calls >@@ -148,6 +162,9 @@ > if(!prs_uint32("num_aces ", ps, depth, &psa->num_aces)) > return False; > >+ /* Count the number of bytes read into the acl structure */ >+ acl_parse_size = sizeof(uint16) * 2 + sizeof(uint32); >+ > if (UNMARSHALLING(ps)) { > /* > * Even if the num_aces is zero, allocate memory as there's a difference >@@ -163,15 +180,58 @@ > slprintf(tmp, sizeof(tmp)-1, "ace_list[%02d]: ", i); > if(!sec_io_ace(tmp, &psa->ace[i], ps, depth)) > return False; >+ >+ /* Handle the fact that ace sizes of well known sids differ when sent from >+ * NT and Win2K/XP */ >+ acl_parse_size += psa->ace[i].size; > } > > if(!prs_uint16_post("size ", ps, depth, &psa->size, offset_acl_size, old_offset)) > return False; > >+ /* Reset the acl size to the actual size based on the format we're storing it in */ >+ if(UNMARSHALLING(ps) && (acl_parse_size != psa->size)) >+ psa->size = acl_parse_size; >+ > return True; > } > > /******************************************************************* >+ * Resets offsets in the security descriptor while unmarshalling to >+ * ensure that the offsets stored in the security descriptor are not >+ * invalid. >+ * >+ * Assumes that the security descriptor structure has been >+ * unmarshalled and that the differences in the size of the acls has >+ * been calculated >+ ******************************************************************/ >+BOOL _sec_reset_sec_desc_offsets(SEC_DESC *psd, prs_struct *ps, uint32 dacl_diff, uint32 sacl_diff) >+{ >+ if(!psd || MARSHALLING(ps)) >+ return False; >+ >+ if(psd->off_owner_sid > psd->off_dacl) >+ psd->off_owner_sid -= dacl_diff; >+ >+ if(psd->off_owner_sid > psd->off_sacl) >+ psd->off_owner_sid -= sacl_diff; >+ >+ if(psd->off_grp_sid > psd->off_dacl) >+ psd->off_grp_sid -= dacl_diff; >+ >+ if(psd->off_grp_sid > psd->off_sacl) >+ psd->off_grp_sid -= sacl_diff; >+ >+ if(psd->off_dacl > psd->off_sacl) >+ psd->off_dacl -= sacl_diff; >+ else >+ psd->off_sacl -= dacl_diff; >+ >+ return True; >+} >+ >+ >+/******************************************************************* > Reads or writes a SEC_DESC structure. > If reading and the *ppsd = NULL, allocates the structure. > ********************************************************************/ >@@ -181,7 +241,8 @@ > uint32 old_offset; > uint32 max_offset = 0; /* after we're done, move offset to end */ > uint32 tmp_offset = 0; >- >+ uint32 diff_dacl = 0; >+ uint32 diff_sacl = 0; > SEC_DESC *psd; > > if (ppsd == NULL) >@@ -282,8 +343,10 @@ > tmp_offset = prs_offset(ps); > if(!prs_set_offset(ps, old_offset + psd->off_sacl)) > return False; >+ diff_sacl = prs_offset(ps); > if(!sec_io_acl("sacl", &psd->sacl, ps, depth)) > return False; >+ diff_sacl = prs_offset(ps) - diff_sacl - psd->sacl->size; > max_offset = MAX(max_offset, prs_offset(ps)); > if (!prs_set_offset(ps,tmp_offset)) > return False; >@@ -294,8 +357,10 @@ > tmp_offset = prs_offset(ps); > if(!prs_set_offset(ps, old_offset + psd->off_dacl)) > return False; >+ diff_dacl = prs_offset(ps); > if(!sec_io_acl("dacl", &psd->dacl, ps, depth)) > return False; >+ diff_dacl = prs_offset(ps) - diff_dacl - psd->dacl->size; > max_offset = MAX(max_offset, prs_offset(ps)); > if (!prs_set_offset(ps,tmp_offset)) > return False; >@@ -303,6 +368,12 @@ > > if(!prs_set_offset(ps, max_offset)) > return False; >+ >+ if(UNMARSHALLING(ps) && (diff_dacl || diff_sacl)) { >+ if(!_sec_reset_sec_desc_offsets(*ppsd, ps, diff_dacl, diff_sacl)) >+ return False; >+ } >+ > return True; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=879">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 2211
: 879 |
892
|
898