[PATCH] central range check for sids2xids

Andreas Schneider asn at samba.org
Wed Aug 10 07:25:45 UTC 2016

On Tuesday, 9 August 2016 18:39:36 CEST Michael Adam wrote:
> Hi all,
> The attached patch introduces a central range check
> for the unix ids produced by the id mapping backends
> (sids2xids).
> I noticed that some backends (at least ad and hash),
> have no range check any more. This is dangerous
> because it can lead to ids leaking out of id-mapping
> that are from ranges that this backend is not
> responsible for the backward mapping xids2sids
> would then lead to a different sid than the one
> started with.
> Instead of adding this to all backends, here is
> a patch that adds the check to the central
> winbind code.
> Opinions?

I missed that mail yesterday. Normally a bug should be opened before we create 
the master patch so the bug URL is already present. We need this backported!

Please open a bug for that. Thanks!

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the samba-technical mailing list