Security Identifier (SID) to User Identifier (uid) ResolutionSystem
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Dec 30 07:32:55 GMT 1999
On Thu, 30 Dec 1999, Jeremy Allison wrote:
> Nicolas Williams wrote:
> > Now, I agree that if the only thing Samba needs to do is convert
> > uids/gids to SIDs then using the fileserver's host SID as the base SID
> > and algorythmically converting uids/gids to RIDs of that SID works
> > fine.
>
> Hurrah, we agree :-).
ok, i picked up on this, earlier. iwas going to leave it, but i see that
i can't.
i believe nicolas to be assuming that the uid/gids to RIDS mapping
function is capable of dealing with more than one SID, a la microsoft
POSIX / NT algorithm:
draft-lkcl-sidtouid=map-00.txt, section 6.2:
typedef uint32 uid_t;
/* can be used to map a SID to a POSIX uid (32 bit) */
uid_t map_sid_to_uid(SID sid)
{
uint32 rid;
uint32 uid_offset = 0x0;
SID dom_sid;
/* split a SID into its last RID and the rest, e.g
S-1-5-21-aaa-bbb-ccc-10001 into
S-1-5-21-aaa-bbb-ccc and 10001 */
split_sid(sid, dom_sid, rid);
/* our own SAM database */
if (dom_sid == my_sam_sid)
{
return (rid & 0xffff);
}
/* the SAM of the Domain we are a member of */
if (is_member_of_domain() && dom_sid == domain_member_sid)
{
uid_offset += 0x10000;
return (rid & 0xffff) + uid_offset;
}
/* all other Trusted Domains */
while ((trusted_domain == gettrustdcsident()) != NULL)
{
uid_offset += 0x10000;
if (dom_sid == trusted_domain)
{
return (rid & 0xffff) + uid_offset;
}
}
return -1; /* oops! */
}
More information about the samba-technical
mailing list