wbcUidToSid

Shirish Pargaonkar shirishpargaonkar at gmail.com
Sun Jun 19 09:22:57 MDT 2011


On Sun, Jun 19, 2011 at 3:22 AM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Sat, Jun 18, 2011 at 08:38:13PM -0500, Shirish Pargaonkar wrote:
>> On Fri, Jun 17, 2011 at 11:17 PM, Volker Lendecke
>> <Volker.Lendecke at sernet.de> wrote:
>> > On Fri, Jun 17, 2011 at 03:01:45PM -0500, Shirish Pargaonkar wrote:
>> >> Is there a call/api to verify that the uid being passed to wbcUidToSid
>> >> is within the range specified by idmap uid in smb.conf
>> >> and the same for gid?
>> >
>> > No. What would you need it for?
>>
>> When I am doing either uid gid mapping to sid to build a
>> security descriptor to change owner/group at the server,
>> if the id happens to be local to the client, winbind will give
>> me a fabricated sid.
>> (e.g. for uid 1000, wbcUidToSid returns S-1-22-1-1001).
>>
>> So I can check before calling wbcUidToSid whether the uid/gid
>> falls within respective range and if not, error out chown/chgrp requests.
>> Basically for a file on a share, chown/chgrp requests are
>> entertained only for the users on the server.
>
> Can't you error out if the sid starts with S-1-22? Those
> should never happen as real sids.

Yes, that will work. What does authority identifier of 22 mean?

>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
>
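
Added example, not part of the original thread or of Samba's code: a strict form of the check suggested above, applied to the string form of the SID returned for the uid/gid. It assumes the SID has already been converted to a string (for instance with wbcSidToString); sid_is_fabricated is a hypothetical helper name.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Identifier authority of the fabricated SIDs mentioned in the thread. */
#define FABRICATED_AUTHORITY 22ULL

/*
 * Hypothetical helper: classify a SID string "S-1-<authority>[-<sub>...]".
 * Returns 1 if the authority is 22 (fabricated), 0 if it is anything else,
 * -1 if the string is malformed. Callers should refuse on any nonzero result.
 */
int sid_is_fabricated(const char *sid)
{
    unsigned long long authority;
    char *end = NULL;
    int base = 10;

    if (sid == NULL || strncmp(sid, "S-1-", 4) != 0)
        return -1;
    sid += 4;
    /* strtoull() would accept whitespace and a sign; require a digit. */
    if (*sid < '0' || *sid > '9')
        return -1;
    /* Large authorities may be written in 0x... form. */
    if (sid[0] == '0' && (sid[1] == 'x' || sid[1] == 'X'))
        base = 16;
    errno = 0;
    authority = strtoull(sid, &end, base);
    /* The authority must end at '-' or end of string, so "S-1-220-..."
     * and "S-1-22x" are not mistaken for authority 22. */
    if (errno != 0 || (*end != '-' && *end != '\0'))
        return -1;
    return authority == FABRICATED_AUTHORITY ? 1 : 0;
}

int main(void)
{
    /* First sample is the SID quoted in the thread; the rest are constructed. */
    const char *samples[] = { "S-1-22-1-1001", "S-1-5-21-10-20-30-1105",
                              "S-1-220-1", "S-1-22x" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24s -> %d\n", samples[i], sid_is_fabricated(samples[i]));
    return 0;
}
```

A chown/chgrp path would fail the request unless the helper returns 0, so malformed strings are refused along with fabricated SIDs.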


More information about the samba-technical mailing list