broken string_to_sid, sid_to_string

Jeremy Allison jallison at
Wed Nov 25 19:59:14 GMT 1998

Luke Kenneth Casson Leighton wrote:
> jerem, it's ALREADY broken, this is what i've been trying to tell you.
> by fixing sid_to_string and fixing string_to_sid we ALREADY have the
> problem that 82.5% by probability (1 - 50% * 50% * 50% because there are
> three RIDs in the MACHINE.SID file) of all existing servers will be broken
> by this fix, and all these administrators will have to unjoin all nt
> workstations and rejoin them.
> therefore, given that is is ALREADY broken, we have an opportunity to fix
> sid_to_string and string_to_sid to do what they ought to do.

It isn't broken for the security=domain case, and that's
*all* I care about right now (until after 2.0 ships).

Adding an 0x to new names written out and assuming
that old names are without an 0x prefix is *not* onerous
and is also upwardly compatible.

What part of "don't break backwards compatibility" 
don't you understand :-) ? Remember, I *really* don't
care about people adding and re-joining domains in
the HEAD branch. These are people on the bleeding
edge and we will change this code in an arbitrary
way as we need to.

I care about the people who have just downloaded
2.0beta[1|2] and have joined an NT Domain.

I *WILL NOT* do anything to break that code in
the name of making our lives easier.


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list