Mixed profiles w/Samba-PDC

Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri May 29 12:10:20 GMT 1998

On Fri, 29 May 1998, Jeremy Allison wrote:

> Mark Funkenhauser wrote:
> > 
> > So, if the Sambe PDC is to work with the POSIX subsystem(s)
> > (the MS POSIX subsytem is *not* the only commercial POSIX subsystem
> >  implementation)
> > it has to ensure that RID's do not get any larger than 0x100000.
> > 
> Hmmm. That's going to be a problem I think. Currently,
> we plan to encode the UNIX account type (user or group)
> in the RID, using the top 4 bits. We have to do this as
> we need to determine, given a RID from an NT box, whether
> this maps back to a UNIX uid_t or gid_t.

um... there is at least one other method i can think of, which is not very
optimal but i think microsoft have this base already covered and i think
you will find that it is not a problem.

to confirm this, can anyone tell me if there is a Lose32 function that
says "what kind of RID is this?  a user, group, alias or other?"

the non-optimal method is to simply search the entire (SEPARATE) user rid
database and the entire (SEPARATE) group rid database.  note that the
group rid database does not exist, and one instance of the user rid
database is private/smbpasswd+private/samdb.

when you get a RID in a structure returned from a lookup or enumeration,
it is already marked with an ENUM which tells you what kind of RID it is,
in that structure.

therefore, jeremy, your suggestion is an optimisation that a) may be
unnecessary b)  may cause problems as you outline below. 

> I suppose we could always encode the account type info
> in the bottom bits instead, so the RID encoding would look
> like (in big-endian format):
> <----20 bits--------->|<-12 bits-->|
> +----------------+----+------------+
> | uid_t or gid_t+1    |'known' user|
> +----------------+----+------------+
>               or      |account type|
>                       +------------+
> If the top 20 bits are 0 - then it's a 'well
> known account', if the top 20 bits are != 0
> then the account type (UNIX user or group)
> is encoded in the bottom 4 bits.
> This is still a bit tight for your POSIX
> subsystem though, as it only gives 0xFFF
> unique UNIX users or groups.
> What does your POSIX subsystem do if it gets
> a RID >0x100000 as a primary domain rid ? 
> This is looking increasingly likely...... :-(.
> Cheers,
> 	Jeremy.
> -- 
> --------------------------------------------------------
> Buying an operating system without source is like buying
> a self-assembly Space Shuttle with no instructions.
> --------------------------------------------------------

More information about the samba-ntdom mailing list