From 303962e3708266810996cde496a6f87b7b4c4bc6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 5 Sep 2011 13:11:59 +0200 Subject: s3: Fix smbcontrol smbd idmap kill S-1-5-21-... The calls to sid_to_gid and sid_to_uid create id mapping entries themselves, which makes it pretty difficult to reliably delete id mapping entries everywhere just using a SID. Autobuild-User: Volker Lendecke Autobuild-Date: Mon Sep 5 16:30:41 CEST 2011 on sn-devel-104 --- source3/smbd/msg_idmap.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c index 00b2a8b0ca..dbd151d1cd 100644 --- a/source3/smbd/msg_idmap.c +++ b/source3/smbd/msg_idmap.c @@ -21,6 +21,7 @@ #include "smbd/globals.h" #include "smbd/smbd.h" #include "../libcli/security/dom_sid.h" +#include "../libcli/security/security_token.h" #include "idmap_cache.h" #include "passdb/lookup_sid.h" #include "auth.h" @@ -64,12 +65,25 @@ static bool gid_in_use(const struct user_struct *user, gid_t gid) static bool sid_in_use(const struct user_struct *user, const struct dom_sid *psid) { - uid_t uid; - gid_t gid; - if (sid_to_gid(psid, &gid)) { - return gid_in_use(user, gid); - } else if (sid_to_uid(psid, &uid)) { - return uid_in_use(user, uid); + while (user) { + struct security_token *tok; + + if (user->session_info == NULL) { + continue; + } + tok = user->session_info->security_token; + if (tok == NULL) { + /* + * Not sure session_info->security_token can + * ever be NULL. This check might be not + * necessary. + */ + continue; + } + if (security_token_has_sid(tok, psid)) { + return true; + } + user = user->next; } return false; } -- cgit