From a0f41294488fcf4c9dbe5e85be6539394b6d6d1a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 3 Dec 2012 01:42:38 +0100 Subject: s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb() instead of sid_check_sid_is_in_our_sam). This allows for builtin sids, wellknown sids and "Unix User" and "Unix Group" domains. This broadens up the check moved here in commit 02e25b2a43ae02205a3412f862a1482d24b70aa4. Signed-off-by: Michael Adam Reviewed-by: Stefan Metzmacher --- source3/passdb/pdb_ldap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index a5b8f0b18a..5bbfb2bc3a 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -53,6 +53,7 @@ #include "lib/winbind_util.h" #include "librpc/gen_ndr/idmap.h" #include "lib/param/loadparm.h" +#include "lib/util_sid_passdb.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_PASSDB @@ -4915,9 +4916,8 @@ static bool ldapsam_sid_to_id(struct pdb_methods *methods, TALLOC_CTX *mem_ctx; - if (!sid_check_is_in_our_sam(sid)) { - /* Not our SID */ - return False; + if (!sid_check_object_is_for_passdb(sid)) { + return false; } mem_ctx = talloc_new(NULL); -- cgit