author | Volker Lendecke <vl@samba.org> | 2011-09-05 13:11:59 +0200 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2011-09-05 16:30:41 +0200 |
commit | 303962e3708266810996cde496a6f87b7b4c4bc6 (patch) | |
tree | 79987769b947dba1fce342939b73ba1e24398875 /source3 | |
parent | 76ba67862f9615ca325d4118496837ca27c710e0 (diff) | |
s3: Fix smbcontrol smbd idmap kill S-1-5-21-...
The calls to sid_to_gid and sid_to_uid create id mapping entries themselves,
which makes it pretty difficult to reliably delete id mapping entries
everywhere just using a SID.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep 5 16:30:41 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/msg_idmap.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c
index 00b2a8b0ca..dbd151d1cd 100644
--- a/source3/smbd/msg_idmap.c
+++ b/source3/smbd/msg_idmap.c
@@ -21,6 +21,7 @@
 #include "smbd/globals.h"
 #include "smbd/smbd.h"
 #include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security_token.h"
 #include "idmap_cache.h"
 #include "passdb/lookup_sid.h"
 #include "auth.h"
@@ -64,12 +65,25 @@ static bool gid_in_use(const struct user_struct *user, gid_t gid)
 static bool sid_in_use(const struct user_struct *user,
 const struct dom_sid *psid)
 {
- uid_t uid;
- gid_t gid;
- if (sid_to_gid(psid, &gid)) {
- return gid_in_use(user, gid);
- } else if (sid_to_uid(psid, &uid)) {
- return uid_in_use(user, uid);
+ while (user) {
+ struct security_token *tok;
+
+ if (user->session_info == NULL) {
+ continue;
+ }
+ tok = user->session_info->security_token;
+ if (tok == NULL) {
+ /*
+ * Not sure session_info->security_token can
+ * ever be NULL. This check might be not
+ * necessary.
+ */
+ continue;
+ }
+ if (security_token_has_sid(tok, psid)) {
+ return true;
+ }
+ user = user->next;
 }
 return false;
 } |
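Review bot: Both `continue` statements inside the new `while (user)` loop of sid_in_use bypass `user = user->next;`, so the first entry whose `session_info` (or `security_token`) is NULL makes the loop re-test the same `user` forever. The caller is outside the hunk, but presumably this is reached from the handler for the smbcontrol idmap kill message, in which case that smbd process would spin instead of finishing the scan. Moving the advance into the loop header, `for (; user != NULL; user = user->next) {`, and dropping the trailing `user = user->next;` keeps both skip paths safe. The comment on the `tok == NULL` branch could also state why skipping is correct, e.g. `/* no token, so this session cannot hold psid */`.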