Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Luke Kenneth Casson Leighton lkcl at
Thu Dec 30 07:54:32 GMT 1999

On Wed, 29 Dec 1999, Leslie M. Barstow III wrote:

> On Thu, 30 Dec 1999, Luke Kenneth Casson Leighton wrote:
> > i like the idea of being able to use winbind to store a unix user's home
> > directory location :)  who needs a c:\ drive3, anyway? :-)
> Winbind will *have* to do this unless we don't want user home directories.
> However, getting returned a password entry like:
> jblow:x:5042:10://lame-nt/homes/jblow://lame-nt/logins/jblow.bat
> would probably be less than useful :-).

i know. :-)

wine has a scheme to map drives, dunnit?
> Winbind would have to be responsible for returning a reasonable shell and
> home directory (it could go so far as to automount the listed directory).


either that, or you just say, screw nt, we're going to over-ride the login
profile entries in the SAM db, and we don't care if NT can't do
amdserver:/home/upyourntuser as a home directory. :-)

> > > Re: the sid2*() call:  I think the unified call proposed by Luke is more
> > > appropriate than Nico's - you really can't tell in an ACL if the SID
> > > refers to a group or to a user (or a machine).  Having to code two calls
> > > is more of a pain for developers in the long run.
> > 
> > ok, been thinking about this some more.
> > 
> > do we want this:
> > 
> > int sid2posix(SID sid, enum *gid_or_uid, uint32/64 posix_id);
> > 
> > or do we want this:
> > 
> > int sid2posix(SID sid, uint32/64 posix_id);
> > 
> > because if you do, then you need to do LsaLookupSids(SID, enum *sid_type,
> > char* name) and you will get a SID_NAME_USER or SID_NAME_GROUP or
> > SID_NAME_ALIAS back, and you have to determine that, ok, it's a
> > SID_NAME_USER therefore the posix_id can be typecast to a uid_t.
> Actually, I think I like Nico's latest approach:
> int sid2posix(SID sid, SIDtype_t type, posix_id_t posix_id);
> enum the valid SID types, and you have a call that both identifies the
> type of SID and does the translation...

... except that you'dd bettwer hope that a SID's type doesn't get changed.
you're taking a risk by storing  SID _and_ SID-type when you're not the
authority on that SID.

More information about the samba-technical mailing list