Security Identifier (SID) to User Identifier (uid) Resolution System

[Luke Kenneth Casson Leighton]

On Tue, 4 Jan 2000, Cole, Timothy D. wrote:

> > -----Original Message-----
> > From:	Luke Kenneth Casson Leighton [SMTP:lkcl at samba.org]
> > Sent:	Tuesday, January 04, 2000 14:57
> > To:	Cole, Timothy D.
> > Cc:	Multiple recipients of list SAMBA-TECHNICAL; 'tcole at bitsmart.com'
> > Subject:	RE: Security Identifier (SID) to User Identifier (uid)
> > Resolution  System
> > 
> > i'd still prefer surs_posix2sid, having to set up the tpy+asuid or
> > type+asgid as required.
> > 
> > one less function is one less function :-)
> > 
> 	Ehh, yes, but observe the following:
> 
> 	 {
> 	 	surs_posix_id posix_id;
> 	 	surs_sid sid;
> 	 	int error;
> 
> 	 	id.type = SURS_POSIX_UID;
> 	 	id.id.as_uid = getuid();
> 
> 	 	error = surs_posix2sid(&sid, &posix_id);
> 	 	/* ... etc ... */
> 	 }
> 
> 	versus:
> 
> 	 {
> 	 	surs_sid sid;
> 	   int error;
> 
> 	   error = surs_uid2sid(&sid, getuid());
> 	 	/* ... etc ... */
> 	 }
> 
> 	Which API would you rather code to, and which is more readable?
>

ok, i go for that.

> 	Actally, there's another rationale at work here, too... regardless
> of how the actual table is stored (I imagine in practice it'd be one, or at
> most two, tables), there are really three "logical" tables:
> 
> 	 1. sid -> posix uid/gid
> 	 2. uid -> sid
> 	 3. gid -> sid

note: sid MUST be unique in all three "logical" tables.  uid MUST be
unique in "logical" tables 1 and 2.  gid MUST be unique in "logical"
tables 1 and 3.

> 	Sorry, I have a penchant for turning even the most trivial things
> into ridiculously long discussions... :/

nitty gritty: fine by me.