broken string_to_sid, sid_to_string
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Nov 25 19:40:52 GMT 1998
On Wed, 25 Nov 1998, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:
> > as the string_to_sid() functions are broken, there is an opportunity _now_
> > to fix them even more proplerly.
> > these functions read the rid components in decimal, they should not: they
> > should read in hex.
> > can we fix this?
> No and here's why - backwards compatibility.
> Imagine the case where someone has a Samba 2.0
> server in an NT domain. It stores it's local machine
> SID in the MACHINE.SID file, in the current format.
> We bring out 2.1, and you have changed the default
> for reading the rid components from the file.
> Suprise (for the Samba admins, anyway :-) - they're no
> longer in the domain. This is a *BAD* thing.
jerem, it's ALREADY broken, this is what i've been trying to tell you.
by fixing sid_to_string and fixing string_to_sid we ALREADY have the
problem that 82.5% by probability (1 - 50% * 50% * 50% because there are
three RIDs in the MACHINE.SID file) of all existing servers will be broken
by this fix, and all these administrators will have to unjoin all nt
workstations and rejoin them.
therefore, given that is is ALREADY broken, we have an opportunity to fix
sid_to_string and string_to_sid to do what they ought to do.
More information about the samba-technical