SUP-549 Can't remove the Domain Admin from the local administrators group. (fix copyrights)
SUP-549 Can't remove the Domain Admin from the local administrators group.
Reviewed by: Dan Fields <dan.fields@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>

@@ -18,13 +18,13 @@
  *
  * CDDL HEADER END
  */
 
 /*
- * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2013 RackTop Systems.
+ * Copyright 2016 Nexenta Systems, Inc.  All rights reserved.
  */
 
 #include <stdlib.h>
 #include <strings.h>
 #include <unistd.h>

@@ -140,12 +140,16 @@
         uint32_t m_idx;
         uint32_t m_rid;
         uint16_t m_type;
 } smb_lgmid_t;
 
+/* Buffer size to hold hex form of the above (>24). */
 #define SMB_LGRP_MID_HEXSZ      32
 
+/* Size of idx,rid parts of above, in hex form. */
+#define SMB_LGRP_IDXRID_LEN     16
+
 /* Member list */
 typedef struct smb_lgmlist {
         uint32_t        m_cnt;
         char            *m_ids;
 } smb_lgmlist_t;
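Review bot: `SMB_LGRP_IDXRID_LEN` is a bare 16 that silently depends on `m_idx` and `m_rid` being the leading two 32-bit fields of `smb_lgmid_t`, whose definition starts outside this hunk. If that struct is ever reordered or a field is widened, the prefix compare in `smb_lgrp_mlist_del` would match on the wrong bytes and remove or keep the wrong group member. Consider deriving the value, e.g. `#define SMB_LGRP_IDXRID_LEN (2 * (sizeof (uint32_t) + sizeof (uint32_t)))`, or at least extending the comment to `/* Hex length of m_idx + m_rid (2 * 8 bytes); must track smb_lgmid_t layout. */`.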

@@ -2037,10 +2041,14 @@
  * (in_members) if it's already there. The result list will b
  * returned in out_members. The caller must free the allocated
  * memory for out_members by calling free().
  *
  * in_members and out_members are hex strings.
+ *
+ * Note that we ignore the SID "type" when matching because
+ * we always want to delete when the SID part matches.
+ * The "type" part can be fiction.
  */
 static int
 smb_lgrp_mlist_del(smb_lgmlist_t *in_members, smb_lgmid_t *mid,
     smb_lgmlist_t *out_members)
 {

@@ -2071,11 +2079,12 @@
         mid_hexsz = bintohex((const char *)mid, sizeof (smb_lgmid_t),
             mid_hex, sizeof (mid_hex));
 
         in_list = in_members->m_ids;
         for (i = 0, out_cnt = 0; i < in_members->m_cnt; i++) {
-                if (strncmp(in_list, mid_hex, mid_hexsz)) {
+                /* Keep only those NOT matching in IDX,RID */
+                if (strncmp(in_list, mid_hex, SMB_LGRP_IDXRID_LEN)) {
                         (void) strncat(out_list, in_list, mid_hexsz);
                         out_cnt++;
                 }
                 in_list += mid_hexsz;
         }
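Review bot: The new `strncmp` compares a fixed `SMB_LGRP_IDXRID_LEN` characters while the copy and the stride still use `mid_hexsz`, and nothing visible in this hunk checks that `mid_hexsz` is at least that long. The `bintohex` result is not checked in the visible lines, so a short or zero return would leave the compare reading hex that was never written and `in_list` advancing by the wrong stride; a guard such as `if (mid_hexsz < SMB_LGRP_IDXRID_LEN)` that returns the function's error code before the loop would make the assumption explicit. Because the match now ignores the type field, one call can drop more than one entry, so it is worth confirming that the caller does not assume `out_cnt` is exactly one less than `m_cnt`. The body of `smb_lgrp_mlist_del` starts and ends outside the hunk, so earlier validation may already cover part of this.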