Simo Sorce simo.sorce at xsec.it
Tue May 28 05:16:02 GMT 2002

Hi Stefan.

As you may have seen I have already changed the pdb_interface to search
by SID and I'm really in favour of using SIDs inside SAM_ACCOUNT instead of
RIDs, but I think this patch does not address the problem the right way.

What we should do is store the SID in the backends, not convert it at
run time.
I think we may use part of your code inside pdbedit to have a tool to
upgrade from previous backends that store by RID into the new ones.

I'm working on tdbsam2 that will store by SID and also have some other
interesting things (privileges and such) I have discussed with JFM at the
last samba experience conference.

What do others think?


On Tue, 2002-05-28 at 13:55, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> (we talked about this on irc yesterday...)
> This patch changes the SAM_ACCOUNT struct.
> It now stores the (user/group) SID not RID.
> I think it's much better to make it possible to store the full sid in the
> pdb backend (SID -> uid), as it is done in the group mapping (SID -> gid).
> the functions pdb_(s/g)et_user_rid() should move to pdb_(s/g)et_user_sid()...
> there are:
>          pdb_set_user_sid_from_rid() - to append the rid to the global_sam_sid
>          which is now used by the passdb backends
> But for now there are wrappers to provide the old functions:
> pdb_(s/g)et_user_rid()
> - I have tested this and it works for me :-)
> - With smbd there are no problems :-)
> - the only problem was that the pdbedit command didn't have the
>    global_sam_sid so you got S-0-0-1000 a SID for root in the debug message
>    that's not a problem till we change from the pdb_get_user_rid() function to
>    pdb_get_user_sid().:-( (we need to fix this...)
> metze

Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
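
Added example, not part of the original messages and not Samba code: a minimal C sketch of the RID-to-SID conversion discussed in this thread, showing how appending a RID to an unset domain SID yields `S-0-0-1000`, and a checked variant suited to a one-time upgrade that stores the full SID. The type `sid_t`, the function names and the domain SID value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SUBAUTHS 15

/* Simplified stand-in for a SID (hypothetical type, not Samba's DOM_SID). */
typedef struct {
    uint8_t  revision;
    uint64_t authority;                /* identifier authority */
    uint8_t  num_auths;
    uint32_t sub_auths[MAX_SUBAUTHS];
} sid_t;

/* Unchecked append: on a zeroed domain SID this silently produces
 * S-0-0-<rid>, the symptom reported for pdbedit in the quoted message. */
int sid_append_rid(sid_t *sid, uint32_t rid)
{
    if (sid->num_auths >= MAX_SUBAUTHS) return -1;
    sid->sub_auths[sid->num_auths++] = rid;
    return 0;
}

/* Checked conversion: refuse to build a SID from an uninitialized domain. */
int sid_from_rid(const sid_t *domain, uint32_t rid, sid_t *out)
{
    if (domain->revision != 1 || domain->num_auths == 0) return -1;
    *out = *domain;
    return sid_append_rid(out, rid);
}

/* Format as S-<revision>-<authority>-<subauth>...; 0 on success. */
int sid_to_string(const sid_t *sid, char *buf, size_t len)
{
    int n = snprintf(buf, len, "S-%u-%llu", (unsigned)sid->revision,
                     (unsigned long long)sid->authority);
    for (uint8_t i = 0; i < sid->num_auths && n > 0 && (size_t)n < len; i++)
        n += snprintf(buf + n, len - n, "-%lu", (unsigned long)sid->sub_auths[i]);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    sid_t dom = {1, 5, 4, {21, 1111, 2222, 3333}}, unset, out; /* constructed */
    char buf[128];
    memset(&unset, 0, sizeof unset);
    if (sid_from_rid(&dom, 1000, &out) == 0 && sid_to_string(&out, buf, sizeof buf) == 0)
        puts(buf);
    printf("unset domain rejected: %d\n", sid_from_rid(&unset, 1000, &out));
    return 0;
}
```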