wbcUidToSid
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Jun 19 02:22:25 MDT 2011
On Sat, Jun 18, 2011 at 08:38:13PM -0500, Shirish Pargaonkar wrote:
> On Fri, Jun 17, 2011 at 11:17 PM, Volker Lendecke
> <Volker.Lendecke at sernet.de> wrote:
> > On Fri, Jun 17, 2011 at 03:01:45PM -0500, Shirish Pargaonkar wrote:
> >> Is there a call/api to verify that the uid being passed to wbcUidToSid
> >> is within the range specified by idmap uid in smb.conf
> >> and the same for gid?
> >
> > No. What would you need it for?
>
> When I am doing either uid gid mapping to sid to build a
> security descriptor to change owner/group at the server,
> if the id happens to be local to the client, winbind will give
> me a fabricated sid.
> (e.g. for uid 1000, wbcUidToSid returns S-1-22-1-1001).
>
> So I can check before calling wbcUidToSid whether the uid/gid
> falls within respective range and if not, error out chown/chgrp requests.
> Basically for a file on a share, chown/chgrp requests are
> entertained only for the users on the server.
Can't you error out if the sid starts with S-1-22? Those
should never happen as real sids.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
More information about the samba-technical
mailing list