wbcUidToSid

Shirish Pargaonkar shirishpargaonkar at gmail.com
Sat Jun 18 19:38:13 MDT 2011


On Fri, Jun 17, 2011 at 11:17 PM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Fri, Jun 17, 2011 at 03:01:45PM -0500, Shirish Pargaonkar wrote:
>> Is there a call/api to verify that the uid being passed to wbcUidToSid
>> is within the range specified by idmap uid in smb.conf
>> and the same for gid?
>
> No. What would you need it for?

When I am doing either uid gid mapping to sid to build a
security descriptor to change owner/group at the server,
if the id happens to be local to the client, winbind will give
me a fabricated sid.
(e.g. for uid 1000, wbcUidToSid returns S-1-22-1-1001).

So I can check before calling wbcUidToSid whether the uid/gid
falls within respective range and if not, error out chown/chgrp requests.
Basically for a file on a share, chown/chgrp requests are
entertained only for the users on the server.

>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
>


More information about the samba-technical mailing list