idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()

If the range allows it, then id==0 should not be forbidden.
This seems to have been taken in from idmap_ldap when the
function was originally created.

See 634cd2e0451d4388c3e3f78239495cf595368b15 .
The other backends don't seem to have had that
extra check for id == 0.

The reasoning for this change is that the range check should
apply to all cases. If the range includes the 0, then it
should be possible to get it as result. In particular,
this way, the function becomes applicable also to the
passdb backend case, e.g. in a samba4-ad-dc setup where
the Admin gets uid == 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index 3da39e8923faf24e84d781c162fbd9207c75fad4..196b4adf24756351d5b8dd7911a184cc6d0fa289 100644 (file)
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -34,11 +34,6 @@
  */
 bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom)
 {
-       if (id == 0) {
-               /* 0 is not an allowed unix id for id mapping */
-               return false;
-       }
-
        if ((dom->low_id && (id < dom->low_id)) ||
            (dom->high_id && (id > dom->high_id)))
        {