Need to map SIDs for unknown users
Gerald (Jerry) Carter
jerry at samba.org
Sun Jul 13 02:09:18 GMT 2003
On Sat, 12 Jul 2003, Andrew Bartlett wrote:
> Just a quick note about our current SID->UID scheme since this week's
> changes:
>
> As I read it, we will only allocate a SID for a user that exists in
> winbind - ie, a user in a trusted domain, with a currently active DC.
>
> This presents a major issue for NAS devices, which often have to deal
> with down DCs, but also with 'foreign sids' - sids from a user's
> workstation and the like, that we can never see via winbind.
>
> The previous 3.0 code allowed this to work, usually guessing that a gid
> was most appropriate. While not the best solution, as long as we never
> actually see that user at login, it's fine.
>
> Fixing this should just be a matter of fixing the code in smbd/uid.c,
> rather than a major redesign.

This design actually introduces a security hole (DoS). Using
your solution, if I have access to a file that I can set an ACL
on, I can continually send unknown SIDs in the ACL and eventually
exhaust the entire free gid space.

Unless we know a SID is valid, I don't believe we should allocate
any uid or gid for it. I realize the problems this causes with domain
controllers down. If this is a real problem for a NAS box, the
appliance should store the SID somewhere and resolve it at the last
possible moment. But if you store SIDs on the filesystem, then you
don't need to resolve it to a uid or gid at all.

I'm sure Jeremy will have some more relevant comments on the ACL
stuff.

cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
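
The trade-off discussed in this message, as an added example that is not part of the original post and is not Samba code: a toy gid allocator run under both policies, showing that allocating on sight lets unresolvable SIDs consume the whole range while validating first leaves it intact. The names `idmap`, `sid_to_gid` and `map_after_unknowns`, the 8-entry range and all SID values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy gid allocator (illustration only, not Samba code). All values constructed. */
#define GID_LOW 10000
#define POOL    8                  /* deliberately tiny free-gid range */
/* Stand-in for "winbind can resolve this SID": one constructed domain prefix. */
static const char DOMAIN[] = "S-1-5-21-1111-2222-3333-";

struct idmap {
    char sids[POOL][64];           /* sids[i] is mapped to gid GID_LOW + i */
    int  used;
    int  require_valid;            /* 1 = only map SIDs known to be valid */
};

/* Returns the gid for sid, -1 if refused by policy, -2 if the range is full. */
int sid_to_gid(struct idmap *m, const char *sid)
{
    for (int i = 0; i < m->used; i++)
        if (strcmp(m->sids[i], sid) == 0)
            return GID_LOW + i;    /* existing mapping, nothing new allocated */
    if (m->require_valid && strncmp(sid, DOMAIN, sizeof DOMAIN - 1) != 0)
        return -1;                 /* unknown SID: no gid is consumed */
    if (m->used == POOL)
        return -2;
    snprintf(m->sids[m->used], sizeof m->sids[0], "%s", sid);
    return GID_LOW + m->used++;
}

/* Present n distinct unresolvable SIDs (as ACL entries would), then map one
 * resolvable user. Returns what that user gets. */
int map_after_unknowns(int require_valid, int n)
{
    struct idmap m = { .used = 0, .require_valid = require_valid };
    char sid[64];
    for (int i = 0; i < n; i++) {
        snprintf(sid, sizeof sid, "S-1-5-21-9-9-9-%d", 1000 + i);
        (void)sid_to_gid(&m, sid);
    }
    return sid_to_gid(&m, "S-1-5-21-1111-2222-3333-500");
}

int main(void)
{
    printf("allocate on sight: %d\n", map_after_unknowns(0, 100));
    printf("validate first:    %d\n", map_after_unknowns(1, 100));
}
```
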