LookupAccountSid&LookupAccount (fwd)

Jeremy Allison jallison at whistle.com
Mon Jun 1 16:58:45 GMT 1998

Luke Kenneth Casson Leighton wrote:
> SID_NAME_USE can be:
>         SidTypeUser
>         SidTypeGroup
>         SidTypeDomain
>         SidTypeAlias
>         SidTypeWellKnownGroup
>         SidTypeDeletedAccount
>         SidTypeInvalid
>         SidTypeUnknown
> BTW: Jeremy in his last mail is proposing the same thing.
> SidTypeUser=1 and jeremy is proposing #define USER_RID_TYPE 0.

Well, as I'm allocating 3 bits then we only have 8 values
so starting at 1 would be a mistake, given the range above :-).

What I'd like to do is only allocate 2 bits, as the types
we actually care about are :

SidTypeUser, SidTypeGroup, SidTypeAlias, SidTypeWellKnownGroup.

This gives us more bits for the user and group values.

We should never generate SidTypeDeletedAccount, SidTypeInvalid
or SidTypeUnknown, and SidTypeWellKnownGroup is instantly
identifiable as it's RID is <1000.

> another alternative optimisation is to allocate blocks of RIDs (in groups
> of 0x400, for example) and have two files with ranges in them: one which
> specifies which batch of 0x400-spaced-out RIDs have been allocated as
> group RIDs; the other specifies which have been allocated as user RIDs.
> i would expect the group RIDs file to be small; the user RIDs file to be
> large(r).

This is not (IMHO) a viable option. It might work with 100, or
even 1000 users, but not with 10,000. Don't forget, there are
Samba sites being planned with 12,000 users - over 3000 simultaneous.

The lookup needs to be simple and fast, and completely free
of locking issues when multiple smbd are doing a lookup/mapping.

Files fail on all these counts :-).


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list