Security Identifier (SID) to User Identifier (uid) Resolution System

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Dec 30 07:54:32 GMT 1999


On Wed, 29 Dec 1999, Leslie M. Barstow III wrote:

> On Thu, 30 Dec 1999, Luke Kenneth Casson Leighton wrote:
> 
> > i like the idea of being able to use winbind to store a unix user's home
> > directory location :)  who needs a c:\ drive, anyway? :-)
> 
> Winbind will *have* to do this unless we don't want user home directories.
> 
> However, getting returned a password entry like:
> 
> jblow:x:5042:10://lame-nt/homes/jblow://lame-nt/logins/jblow.bat
> 
> would probably be less than useful :-).

i know. :-)

wine has a scheme to map drives, dunnit?
 
> Winbind would have to be responsible for returning a reasonable shell and
> home directory (it could go so far as to automount the listed directory).

yep.

either that, or you just say, screw nt, we're going to over-ride the login
profile entries in the SAM db, and we don't care if NT can't do
amdserver:/home/upyourntuser as a home directory. :-)

 
> > > Re: the sid2*() call:  I think the unified call proposed by Luke is more
> > > appropriate than Nico's - you really can't tell in an ACL if the SID
> > > refers to a group or to a user (or a machine).  Having to code two calls
> > > is more of a pain for developers in the long run.
> > 
> > ok, been thinking about this some more.
> > 
> > do we want this:
> > 
> > int sid2posix(SID sid, enum *gid_or_uid, uint32/64 posix_id);
> > 
> > or do we want this:
> > 
> > int sid2posix(SID sid, uint32/64 posix_id);
> > 
> > because if you do, then you need to do LsaLookupSids(SID, enum *sid_type,
> > char* name) and you will get a SID_NAME_USER or SID_NAME_GROUP or
> > SID_NAME_ALIAS back, and you have to determine that, ok, it's a
> > SID_NAME_USER therefore the posix_id can be typecast to a uid_t.
> 
> Actually, I think I like Nico's latest approach:
> 
> int sid2posix(SID sid, SIDtype_t type, posix_id_t posix_id);
> 
> enum the valid SID types, and you have a call that both identifies the
> type of SID and does the translation...

... except that you'd better hope that a SID's type doesn't get changed.
you're taking a risk by storing SID _and_ SID-type when you're not the
authority on that SID.
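
The trade-off discussed above, as an added example that is not part of the original message or of Samba's code: a unified lookup that reports the SID type as an output at call time, next to a variant that re-checks a caller-stored type against the authority. The `authority` table, the SID strings, the `sid_type_t` values and `sid2posix_checked` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Type names follow the thread; the numeric values here are arbitrary. */
typedef enum { SID_NAME_USER = 1, SID_NAME_GROUP, SID_NAME_ALIAS } sid_type_t;

/* Constructed stand-in for the authority on these SIDs (e.g. a domain controller). */
struct sid_entry { const char *sid; sid_type_t type; uint32_t posix_id; };
static struct sid_entry authority[] = {
    { "S-1-5-21-1-2-3-1001", SID_NAME_USER,  5042 },
    { "S-1-5-21-1-2-3-1002", SID_NAME_GROUP, 10   },
};

/* Unified lookup: the type is an output, reported by the authority at call time. */
int sid2posix(const char *sid, sid_type_t *type, uint32_t *posix_id)
{
    for (size_t i = 0; i < sizeof(authority) / sizeof(authority[0]); i++) {
        if (strcmp(authority[i].sid, sid) == 0) {
            *type = authority[i].type;
            *posix_id = authority[i].posix_id;
            return 0;
        }
    }
    return -1; /* unknown SID */
}

/* For callers that stored SID and type together (hypothetical helper):
 * re-check the stored type and refuse the mapping if it no longer matches. */
int sid2posix_checked(const char *sid, sid_type_t stored, uint32_t *posix_id)
{
    sid_type_t current;
    uint32_t id;
    if (sid2posix(sid, &current, &id) != 0) return -1;
    if (current != stored) return -2; /* stale type: do not cast to uid_t/gid_t */
    *posix_id = id;
    return 0;
}

int main(void)
{
    uint32_t id = 0;
    int rc = sid2posix_checked("S-1-5-21-1-2-3-1001", SID_NAME_USER, &id);
    printf("rc=%d id=%u\n", rc, (unsigned)id);
    authority[0].type = SID_NAME_ALIAS; /* simulate the authority changing the type */
    printf("rc=%d\n", sid2posix_checked("S-1-5-21-1-2-3-1001", SID_NAME_USER, &id));
    return 0;
}
```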


