s3: Fix smbcontrol smbd idmap kill S-1-5-21-...
authorVolker Lendecke <vl@samba.org>
Mon, 5 Sep 2011 11:11:59 +0000 (13:11 +0200)
committerMichael Adam <obnox@samba.org>
Tue, 11 Oct 2011 13:21:06 +0000 (15:21 +0200)
The calls to sid_to_gid and sid_to_uid create id mapping entries themselves,
which makes it pretty difficult to reliably delete id mapping entries
everywhere just using a SID.

source3/smbd/msg_idmap.c

index 564952b2c4b02b4c0084a49a448bb4d07570ed16..4a507a31ccc0d37777bb599e440f61e2bd07398a 100644 (file)
@@ -29,6 +29,7 @@
 #include "smbd/smbd.h"
 #include "globals.h"
 #include "../libcli/security/dom_sid.h"
+#include "../libcli/security/security_token.h"
 #include "idmap_cache.h"
 #include "passdb/lookup_sid.h"
 #include "auth.h"
@@ -103,12 +104,25 @@ static bool gid_in_use(const struct user_struct* user, gid_t gid)
 
 static bool sid_in_use(const struct user_struct* user, const struct dom_sid* psid)
 {
-       uid_t uid;
-       gid_t gid;
-       if (sid_to_gid(psid, &gid)) {
-               return gid_in_use(user, gid);
-       } else if (sid_to_uid(psid, &uid)) {
-               return uid_in_use(user, uid);
+       while (user) {
+               struct security_token *tok;
+
+               if (user->session_info == NULL) {
+                       continue;
+               }
+               tok = user->session_info->security_token;
+               if (tok == NULL) {
+                       /*
+                        * Not sure session_info->security_token can
+                        * ever be NULL. This check might be not
+                        * necessary.
+                        */
+                       continue;
+               }
+               if (security_token_has_sid(tok, psid)) {
+                       return true;
+               }
+               user = user->next;
        }
        return false;
 }
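Review bot: Both `continue` statements in the new `while (user)` loop of sid_in_use skip the `user = user->next;` at the bottom, so an entry with `session_info == NULL` or a NULL `security_token` leaves `user` unchanged and the loop never terminates. The smbd process handling the idmap kill message would then spin on that node instead of returning. Advancing in the loop header fixes both skip paths: use `for (; user != NULL; user = user->next) {` and drop the trailing `user = user->next;`. Whether a user_struct can actually carry a NULL session_info is not visible in this hunk, but the new code checks for it, so the skip path needs to be safe.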