[Fwd: Mixed profiles w/Samba-PDC]

Jeremy Allison jallison at whistle.com
Sat May 30 02:59:00 GMT 1998


Here's my current solution to the RID <--> uid/gid mapping
that I've been discussing with the OpenNT people.

It seems to solve most of the RID problems we've been
discussing. These are :

RIDs generated from a Samba PDC will should be <24 bits
and must avoid the well known RID space <1000 and will also
be uniquely identifiable when sent to Samba in an ACL
list.

The scheme below takes the bottom 3 bits and OR's
the account type into them, and then adds 1000 to move
the generated SID out of the well known range.

Using the scheme below, root (uid 0) maps into RID
1000. If group wheel were gid 0 this would map into
RID 1001. uid 1 maps to RID 1008, gid 1 maps to RID 
1009 etc.

ie. rid = (uid*8) + 1000;
    gid = (gid*8) + 1001;

Any RID < 1000 is a well known rid.
The RID type (user, group, or machine account) is encoded
in the bottom 3 bits. To convert from a uid to rid :

#define USER_RID_TYPE 0

rid = (((((uint32)uid)*8) + 1000) | USER_RID_TYPE);

To convert from a gid to rid :

#define GROUP_RID_TYPE 1

rid = (((((uint32)gid)*8) + 1000) | GROUP_RID_TYPE);

On receipt of a RID, do the following :

if (rid < 1000) 
  rid is well known.

else if ((rid & 7) == USER_RID_TYPE)
  uid = (uid_t)((u_rid / 8) - 1000);

else if ((rid & 7) == GROUP_RID_TYPE)
  gid = (gid_t)((g_rid / 8) - 1000);


I've coded this up and am ready to check it into the
main branch.

Speak now - or I'll do the checkin on Monday... :-).

Cheers,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
-------------- next part --------------
An embedded message was scrubbed...
From: Jeremy Allison <jallison at whistle.com>
Subject: Re: Mixed profiles w/Samba-PDC
Date: Fri, 29 May 1998 18:37:26 -0700
Size: 4689
Url: http://lists.samba.org/archive/samba-ntdom/attachments/19980529/b1819dbf/attachment.eml


More information about the samba-ntdom mailing list