author | Stefan Metzmacher <metze@samba.org> | 2021-05-17 17:14:34 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2023-03-22 15:01:32 +0000 |
commit | 9053862b89258850c22735cc4123fe5bc0d2e6fa (patch) | |
tree | 75a31b78e18dcf70a906ea67655d597e93c8650b /lib/ldb-samba | |
parent | be1aae77b7610933b1121f207e0a4df523c2d278 (diff) | |
lib/ldb-samba: let ldif_read_ntSecurityDescriptor() only try sddl if isupper()
Trying ndr_pull_security_descriptor on SDDL produces just strange
debug messages, which can cause confusion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Diffstat (limited to 'lib/ldb-samba')
-rw-r--r-- | lib/ldb-samba/ldif_handlers.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index b8f04747456..f77a268c1a8 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -369,6 +369,21 @@ static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx
 struct security_descriptor *sd;
 enum ndr_err_code ndr_err;
+ if (in->length >= 2 && isupper(in->data[0]) && in->data[1] == ':') {
+ /*
+ * If it starts with an upper case character followed by ':',
+ * we know it's not NDR, but most likely SDDL...
+ */
+ const struct dom_sid *sid = samdb_domain_sid(ldb);
+
+ sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
+ if (sd == NULL) {
+ return -1;
+ }
+
+ goto decoded;
+ }
+
 sd = talloc(mem_ctx, struct security_descriptor);
 if (sd == NULL) {
 return -1;
@@ -377,16 +392,11 @@ static int ldif_read_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ctx
 ndr_err = ndr_pull_struct_blob(in, sd, sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- /* If this does not parse, then it is probably SDDL, and we should try it that way */
-
- const struct dom_sid *sid = samdb_domain_sid(ldb);
 talloc_free(sd);
- sd = sddl_decode(mem_ctx, (const char *)in->data, sid);
- if (sd == NULL) {
- return -1;
- }
+ return -1;
 }
+decoded:
 ndr_err = ndr_push_struct_blob(out, mem_ctx, sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor);
 talloc_free(sd); |
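Review bot: The new SDDL branch at the top of ldif_read_ntSecurityDescriptor() hands `in->data` to `sddl_decode()` as a C string, while the guard only establishes `in->length >= 2`; nothing visible in the hunk shows that the buffer is NUL-terminated at `in->length`. ldb may guarantee that elsewhere, but if it does not, the decoder can read past the end of the value, so decoding a bounded copy such as `talloc_strndup(mem_ctx, (const char *)in->data, in->length)` (checked for NULL and freed after decoding) would make the branch safe on its own. `isupper()` is also locale-dependent, so an explicit `in->data[0] >= 'A' && in->data[0] <= 'Z'` would keep the NDR/SDDL dispatch identical in every locale. The function body starts and ends outside the hunk.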
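Review bot: With the fallback removed, the NDR failure path returns -1 for every value that does not begin with an upper case letter and ':', including text that previously reached `sddl_decode()` after a failed NDR parse (for example SDDL with leading whitespace, which is presumably not expected but is not ruled out by anything in the hunk). A comment at the new `return -1;` would record that this narrowing is intentional, e.g. `/* neither SDDL-shaped nor valid NDR: reject rather than guess */`. The function continues past the end of the hunk, so the callers' handling of the -1 is not visible here.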