broken string_to_sid, sid_to_string

Luke Kenneth Casson Leighton lkcl at
Wed Nov 25 19:40:52 GMT 1998

On Wed, 25 Nov 1998, Jeremy Allison wrote:

> Luke Kenneth Casson Leighton wrote:
> > as the string_to_sid() functions are broken, there is an opportunity _now_
> > to fix them even more proplerly.
> > 
> > these functions read the rid components in decimal, they should not: they
> > should read in hex.
> > 
> > can we fix this?
> No and here's why - backwards compatibility.
> Imagine the case where someone has a Samba 2.0
> server in an NT domain. It stores it's local machine
> SID in the MACHINE.SID file, in the current format.
> We bring out 2.1, and you have changed the default
> for reading the rid components from the file. 
> Suprise (for the Samba admins, anyway :-) - they're no
> longer in the domain. This is a *BAD* thing.

jerem, it's ALREADY broken, this is what i've been trying to tell you.  
by fixing sid_to_string and fixing string_to_sid we ALREADY have the
problem that 82.5% by probability (1 - 50% * 50% * 50% because there are
three RIDs in the MACHINE.SID file) of all existing servers will be broken
by this fix, and all these administrators will have to unjoin all nt
workstations and rejoin them.

therefore, given that is is ALREADY broken, we have an opportunity to fix
sid_to_string and string_to_sid to do what they ought to do.


More information about the samba-technical mailing list