authorVolker Lendecke <vl@samba.org>2011-09-05 13:11:59 +0200
committerVolker Lendecke <vlendec@samba.org>2011-09-05 16:30:41 +0200
commit303962e3708266810996cde496a6f87b7b4c4bc6 (patch)
tree79987769b947dba1fce342939b73ba1e24398875 /source3
parent76ba67862f9615ca325d4118496837ca27c710e0 (diff)
s3: Fix smbcontrol smbd idmap kill S-1-5-21-...
The calls to sid_to_gid and sid_to_uid create id mapping entries themselves, which makes it pretty difficult to reliably delete id mapping entries everywhere just using a SID. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Sep 5 16:30:41 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/msg_idmap.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c
index 00b2a8b0ca..dbd151d1cd 100644
--- a/source3/smbd/msg_idmap.c
+++ b/source3/smbd/msg_idmap.c
@@ -21,6 +21,7 @@
#include "smbd/globals.h"
#include "smbd/smbd.h"
#include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security_token.h"
#include "idmap_cache.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
@@ -64,12 +65,25 @@ static bool gid_in_use(const struct user_struct *user, gid_t gid)
static bool sid_in_use(const struct user_struct *user,
const struct dom_sid *psid)
{
- uid_t uid;
- gid_t gid;
- if (sid_to_gid(psid, &gid)) {
- return gid_in_use(user, gid);
- } else if (sid_to_uid(psid, &uid)) {
- return uid_in_use(user, uid);
+ while (user) {
+ struct security_token *tok;
+
+ if (user->session_info == NULL) {
+ continue;
+ }
+ tok = user->session_info->security_token;
+ if (tok == NULL) {
+ /*
+ * Not sure session_info->security_token can
+ * ever be NULL. This check might be not
+ * necessary.
+ */
+ continue;
+ }
+ if (security_token_has_sid(tok, psid)) {
+ return true;
+ }
+ user = user->next;
}
return false;
}
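Review bot: Both `continue` statements in the new `while (user)` loop jump past the `user = user->next;` at the bottom, so the list pointer never advances. The first entry with `session_info == NULL` (or a NULL `security_token`) leaves smbd spinning forever in sid_in_use() instead of skipping that entry. Since this runs while handling the idmap kill message, the process would presumably stop serving its client until it is killed. Moving the advance into the loop header closes both paths at once: replace `while (user) {` with `for (; user != NULL; user = user->next) {` and drop the trailing `user = user->next;`.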