lookup_sid and well-known SIDs
kai at kruegernetz.de
Fri Sep 20 21:46:00 GMT 2002
the attached patch (against HEAD) tries to cleanup the way well-known SIDs
are handled in the lookup_sid() and lookup_name() functions. With this
patch, the SID or name is first checked against a list of well-known SIDs.
If this failes, the SID or name is again checked against the list to see if
its domain is known (i.e. it is a locally handled domain). If yes, the SID
or name is resolved locally in passdb, otherwise winbind is used to resolve
Beforehand, well-known SIDs were not really handled at all. As they were
unknown to the local resolver, winbind was tried with those SIDs. According
to Andreas Gruenbacher, the caching mechanism of winbind however returns
wrong results for those SIDs.
In addition, some well known SIDs were missing, and others had the wrong
I've tried to map the behaviour of win2k as closely as possible.
I haven't tested this patch with winbind, so I can't verify if it corrects
the problems with winbind
lib/sid_util.c split_domain_name() sets the domain to global_myname if it is
empty. This breaks the lookup_name() on PDCs for SIDs that don't have a
domain name (e.g. S-1-1-0 -> Everyone). Can the behaviour of
split_domain_name() be changed?
Any comments are welcome,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 23508 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020920/e75bac95/lookup_sid.obj
More information about the samba-technical