lookup_sid and well-known SIDs

Kai Krueger kai at kruegernetz.de
Fri Sep 20 21:46:00 GMT 2002


Hi,
the attached patch (against HEAD) tries to clean up the way well-known SIDs
are handled in the lookup_sid() and lookup_name() functions. With this
patch, the SID or name is first checked against a list of well-known SIDs.
If this fails, the SID or name is again checked against the list to see if
its domain is known (i.e. it is a locally handled domain). If yes, the SID
or name is resolved locally in passdb, otherwise winbind is used to resolve
it.

Beforehand, well-known SIDs were not really handled at all. As they were
unknown to the local resolver, winbind was tried with those SIDs. According
to Andreas Gruenbacher, the caching mechanism of winbind however returns
wrong results for those SIDs.
In addition, some well-known SIDs were missing, and others had the wrong
SID_NAME_TYPE.

I've tried to map the behaviour of win2k as closely as possible.

Problems:
I haven't tested this patch with winbind, so I can't verify if it corrects
the problems with winbind.

lib/sid_util.c split_domain_name() sets the domain to global_myname if it is
empty. This breaks the lookup_name() on PDCs for SIDs that don't have a
domain name (e.g. S-1-1-0 -> Everyone). Can the behaviour of
split_domain_name() be changed?





Any comments are welcome,

Kai
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lookup_sid.diff
Type: application/octet-stream
Size: 23508 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020920/e75bac95/lookup_sid.obj
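
The lookup order described in the message above, sketched as an added example that is not part of the original post or of the attached patch. All identifiers (`wk_table`, `wk_find`, `route_sid`, the `T_*` and `RES_*` enums) and the `MYDOM` domain SID are hypothetical; only the routing decision is modelled, not the passdb or winbind calls.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; values mirror the Windows SID_NAME_USE numbering. */
enum sid_type { T_DOMAIN = 3, T_ALIAS = 4, T_WKN_GRP = 5 };
enum resolver { RES_WELLKNOWN, RES_PASSDB, RES_WINBIND };
struct wk_entry { const char *sid, *domain, *name; enum sid_type type; };
/* Constructed sample table: well-known SIDs plus locally handled domains. */
static const struct wk_entry wk_table[] = {
    { "S-1-1-0",      "",        "Everyone",       T_WKN_GRP },
    { "S-1-3-0",      "",        "Creator Owner",  T_WKN_GRP },
    { "S-1-5-32",     "BUILTIN", "BUILTIN",        T_DOMAIN  },
    { "S-1-5-32-544", "BUILTIN", "Administrators", T_ALIAS   },
    { "S-1-5-21-1111-2222-3333", "MYDOM", "MYDOM", T_DOMAIN  }, /* made-up local domain */
};

/* Exact match of the first len characters of sid against the table. */
static const struct wk_entry *wk_find(const char *sid, size_t len)
{
    for (size_t i = 0; i < sizeof wk_table / sizeof wk_table[0]; i++)
        if (strlen(wk_table[i].sid) == len && !strncmp(wk_table[i].sid, sid, len))
            return &wk_table[i];
    return NULL;
}

/* Decide which resolver answers for sid; *hit is the matching table entry, if any. */
enum resolver route_sid(const char *sid, const struct wk_entry **hit)
{
    const char *rid = strrchr(sid, '-');
    *hit = wk_find(sid, strlen(sid));           /* pass 1: the SID itself */
    if (*hit)
        return RES_WELLKNOWN;                   /* never handed to winbind */
    if (rid)                                    /* pass 2: SID minus its last RID */
        *hit = wk_find(sid, (size_t)(rid - sid));
    if (*hit && (*hit)->type == T_DOMAIN)
        return RES_PASSDB;                      /* domain is handled locally */
    *hit = NULL;
    return RES_WINBIND;                         /* unknown domain */
}

int main(void)
{
    const char *names[] = { "well-known table", "passdb", "winbind" };
    const char *in[] = { "S-1-1-0", "S-1-5-32-545", "S-1-5-21-9-9-9-500" };
    const struct wk_entry *hit;
    for (int i = 0; i < 3; i++)
        printf("%-22s -> %s\n", in[i], names[route_sid(in[i], &hit)]);
    return 0;
}
```
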

