[PATCH] store SID's in SAM_ACCOUNT

Stefan (metze) Metzmacher metze at metzemix.de
Tue May 28 05:45:04 GMT 2002


At 05:28 28.05.2002 -0700, you wrote:
>On Tue, May 28, 2002 at 02:07:52PM +0200, Simo Sorce wrote:
> > Hi Stefan.
> >
> > As you may have seen I have already changed the pdb_interface to search
> > by SID and I'm really in favour of using SIDs inside SAM_ACCOUNT instead of
> > RIDS, but I think this patch does not address the problem the right way.
> >
> > What we should do is store the SID in the backends, not convert it at
> > run time.
>
>Given time, yes.  But (for example) we really cannot change the LDAP schema
>at this stage (we must certainly still support the current schema) and other
>backends might choose to store the RID/SID in a way that best suits their
>technology.

I agree with Andrew

> > I think we may use part of your code inside pdbedit to have a tool to
> > upgrade from previous backends that store by RID into the new ones.
>
>I don't see the need for a forced 'upgrade'.  New backends can use this - but
>with the major passdb backends (ldap, smbpasswd) still being RID based into
>the future, we are going to still need this.
>
> > I'm working on tdbsam2 that will store by SID and have also some other
> > interesting things (privileges and such) I have discussed with JFM the

Storing privileges would be fine.

> > last samba experience conference.
>
>BTW, pdbedit already handles 'upgrades', just import from one format and
>export to the other.  This code will ensure that it all 'just works'
>
> > What do others think?
>
>I think this patch is fine.  We have to start somewhere - and while you
>might *like* to rework the whole passdb in one hit, I don't see any reason
>why an incremental patch cannot be applied in the meantime.
>
>On the patch itself, my only comment is that when implementing the
>compatibility functions, make them call the 'real' functions (see
>pdb_set_plaintext_password()) rather than modifying the struct directly.
>
>Also I see you still have pdb_set_user_rid(), which just calls the fallback.
>If this is really a complete patch, then these functions can go, and other
>coders will notice it - and hopefully see what the new interface is.

I change this..

>Either that, or don't rename the fn at all.
>
>Finally, re the SID initialisation:  Make a new function that returns the
>global sam sid.  Make it 'auto-initialise', if it's not been run before, then
>it should figure it out, and store it in a static.

I will see what I can do...

And I remove all pdb_get_rid()'s and replace them with 
sid_peek_rid(pdb_get_sid())...


metze
-----------------------------------------------------------------------------
Stefan "metze" Metzmacher <metze at metzemix.de>
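
The thread above discusses converting a stored RID to a SID at run time, an auto-initialising accessor for the global SAM SID, and reading the RID back out of a SID. The sketch below is an added example, not part of the original message and not Samba's code: the `demo_*` names and the simplified SID struct are hypothetical, and the domain SID value is constructed. It also shows why a peeked RID should only be trusted after the domain part of the SID has been compared with the local domain SID.

```c
#include <stdint.h>
#include <string.h>
#define MAX_SUBAUTHS 15   /* limit from the Windows SID format */

/* Simplified SID (S-1-<authority>-<sub_auths...>); not Samba's own struct. */
typedef struct {
    uint8_t  num_auths;
    uint32_t authority;
    uint32_t sub_auths[MAX_SUBAUTHS];
} demo_sid;

/* Auto-initialising accessor: fills a static on first use (constructed value). */
const demo_sid *demo_global_sam_sid(void)
{
    static demo_sid cached;                /* zeroed until first call */
    if (cached.num_auths == 0) {
        const uint32_t subs[] = { 21, 1111111111u, 2222222222u, 3333333333u };
        cached.authority = 5;              /* NT authority */
        memcpy(cached.sub_auths, subs, sizeof subs);
        cached.num_auths = 4;
    }
    return &cached;
}

/* Run-time conversion for a RID-based backend: domain SID + RID. */
int demo_sid_from_rid(uint32_t rid, demo_sid *out)
{
    *out = *demo_global_sam_sid();
    if (out->num_auths >= MAX_SUBAUTHS)
        return -1;
    out->sub_auths[out->num_auths++] = rid;
    return 0;
}

/* Peek the RID (last sub-authority) only when the rest of the SID is the
 * local domain SID; a SID from another domain can carry the same RID. */
int demo_peek_rid_checked(const demo_sid *sid, uint32_t *rid)
{
    const demo_sid *dom = demo_global_sam_sid();
    if (sid == NULL || sid->authority != dom->authority ||
        sid->num_auths != dom->num_auths + 1 ||
        memcmp(sid->sub_auths, dom->sub_auths,
               dom->num_auths * sizeof(uint32_t)) != 0)
        return -1;
    *rid = sid->sub_auths[sid->num_auths - 1];
    return 0;
}
```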