Security Identifier (SID) to User Identifier (uid) Resolution System

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Jan 5 16:55:13 GMT 2000 

On Thu, 6 Jan 2000, Cole, Timothy D. wrote:

> > -----Original Message-----
> > From:	Steve Langasek [SMTP:vorlon at netexpress.net]
> > Sent:	Tuesday, January 04, 2000 20:40
> > To:	Multiple recipients of list SAMBA-TECHNICAL
> > Subject:	RE: Security Identifier (SID) to User Identifier (uid)
> > Resolution  System
> > 
> > On Wed, 5 Jan 2000, Luke Kenneth Casson Leighton wrote:
> > 
> > > > 	Well, I said what I did under the assumption that there would be no
> > > > mapping from -2 back to any SID (i.e. the mapping function would
> > fail).
> > 
> > > the mapping from SID to unknowwn uid MUST fail.  the mapping from uid to
> > > unknown SID MUST fail.
> > 
> > Wouldn't this be a cosmetic issue?  If the driver only allows access to
> > the
> > resource if it can successfully map a uid/gid to an SID, and it's explicit
> > that the 'nobody' uid will *not* map to an SID, then it will only *appear*
> > that user 'nobody' has read/write/whatever access.  That, IMHO, is a lot
> > better than returning -1 from stat() and having to invent a new errno for
> > the
> > occasion.  Returning a uid that no one on the system is supposed to be
> > using should be relatively harmless, as long as it doesn't mean that POSIX
> > uid
> > isn't *really* granted illegitimate access to the file.
> > 
> 	Well, that's a good point; I hadn't actually realized that it's not
> really a problem _as long as the mapping is one-way_.
> 
> 	We can't really just allow stat() to fail, either -- imagine what
> would happen if the root of the filesystem had a primary group with an
> unknown SID.  That shouldn't actually affect anyone else's access to
> anything one way or another (and doesn't in similar sitations under NT), but
> if stat() just failed, it'd really screw all kinds of things up very very
> badly.

it's not stat() that would fail.  it's that an SMB query that needed a SID
to uid conversion or vice-versa would be failed "access dined" even brore
_getting_ to the stat.

or, having done a stat, and getting the uid, do a SID to uid conversion
and if the conversion fails, return ACCESSDENIED.

More information about the samba-technical mailing list