Any plans to fix Bug 1139 in 3.0.3?

Jed Davis jdev at panix.com
Mon Mar 29 20:40:53 GMT 2004


[This sort of thing should go to internals, I suppose.]

Jed Davis <jdev at panix.com> writes on the general list:

> Andrew Bartlett <abartlet at samba.org> writes:
>
>> I understand the issue here (I asked for it to be filed).
>>
>> The issue is that the SID->??? code can get confused, because we have
>> not got 'sid_to_id' code, that can return any kind of id.  Instead, we
>> can call sid_to_uid(), which will fallback to nasty incorrect values,
>> before we try sid_to_gid().
>
> I don't see anything in sid_to_uid or local_sid_to_uid that will do
> any kind of fallback if a local SID isn't in the passdb.  If the call
> to pdb_getsampwuid fails, local_sid_to_uid returns False to
> sid_to_uid, which then returns NT_STATUS_UNSUCCESSFUL.
>
> The _to_gid equivalents, however, do fall back on algorithmic mapping
> for any local SID with an odd RID, which I assume is because groups
> don't need any special registration with Samba the way users do, and
> thus it makes sense to implicitly map them back and forth.
>
> Therefore, unless I've missed something, swapping the calls in
> create_canon_ace_lists should fix this bug without creating any new
> ones.

That needs rephrasing: it does fix this bug, and as far as I know it
shouldn't create any more.

To test this, I created a group with `net groupmap` having RID 2094,
which corresponds algorithmically to uid 547, which belongs to an
account that was imported from Windows, and thus isn't using that RID.
The associated Unix group is 77 (pcap), which I picked for no
particular reason from /etc/group.  I then added an ACL entry for that
group to a file from a Windows client (with the permissions GUI),
while running the modified smbd with -d 10.  The result:

[2004/03/29 14:57:50, 10] passdb/lookup_sid.c:sid_to_uid(396)
  sid_to_uid: my domain (S-1-5-21-4061480941-3245480631-1304912463-2094) - trying local.
{...}
[2004/03/29 14:57:50, 5] passdb/pdb_tdb.c:tdbsam_getsampwrid(327)
  pdb_getsampwrid (TDB): error looking up RID 2094 by key RID_0000082e.
   Error: Record does not exist
{...}
[2004/03/29 14:57:50, 8] passdb/passdb.c:local_sid_to_uid(1164)
  local_sid_to_uid: Could not find SID S-1-5-21-4061480941-3245480631-1304912463-2094 in passdb
[2004/03/29 14:57:50, 10] passdb/lookup_sid.c:sid_to_uid(401)
  sid_to_uid: local lookup failed
[2004/03/29 14:57:50, 3] passdb/lookup_sid.c:fetch_gid_from_cache(256)
  fetch uid from cache 77 -> S-1-5-21-4061480941-3245480631-1304912463-2094
{Is this^^^ a typo?}
[2004/03/29 14:57:50, 10] smbd/posix_acls.c:create_canon_ace_lists(1488)
  create_canon_ace_lists: adding file ACL:
  canon_ace index 0. Type = allow SID = S-1-5-21-4061480941-3245480631-1304912463-2094 gid 77 (pcap) SMB_ACL_GROUP perms r-x



-- 
dn: cn=Jed Davis, ou=tech, o=panix.com # "But life wasn't yes-no, on-off.
objectclass: person               #  Life was shades of gray, and rainbows
mail;personal: jdev at panix.com      #  not in the order of the spectrum."
mail;work:     jld@/                #  -- L. E. Modesitt, Jr., _Adiamante_
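
The lookup order tested in the message above, as a simplified model. This is an added example, not code from the original post or from Samba: the table contents, the function names and the passdb RID 1105 are constructed, and the RID base of 1000 is assumed (Samba's default algorithmic rid base, consistent with the message's RID 2094 corresponding to uid 547).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define RID_BASE 1000u  /* assumed: default "algorithmic rid base" */

struct map { uint32_t rid; uint32_t id; };

/* Constructed tables modelled on the test described in the message. */
static const struct map passdb[]   = { { 1105, 547 } }; /* imported user; RID 1105 is made up */
static const struct map groupmap[] = { { 2094, 77 } };  /* net groupmap entry -> gid 77 (pcap) */

static bool find(const struct map *t, size_t n, uint32_t rid, uint32_t *id)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].rid == rid) { *id = t[i].id; return true; }
    return false;
}

/* Strict: passdb only, no algorithmic guess (the behaviour the message
 * describes for local_sid_to_uid). */
bool rid_to_uid(uint32_t rid, uint32_t *uid)
{
    return find(passdb, 1, rid, uid);
}

/* Explicit group map first, then algorithmic fallback for odd RIDs only. */
bool rid_to_gid(uint32_t rid, uint32_t *gid)
{
    if (find(groupmap, 1, rid, gid)) return true;
    if (rid > RID_BASE && (rid & 1)) { *gid = (rid - RID_BASE - 1) / 2; return true; }
    return false;
}

enum id_type { ID_NONE, ID_UID, ID_GID };

/* uid lookup first, gid second: the order visible in the debug log. */
enum id_type resolve_rid(uint32_t rid, uint32_t *id)
{
    if (rid_to_uid(rid, id)) return ID_UID;
    if (rid_to_gid(rid, id)) return ID_GID;
    return ID_NONE;
}

/* The algorithmic user mapping that would turn RID 2094 into uid 547;
 * resolve_rid() never applies it, so the group ACE cannot become a user ACE. */
uint32_t algorithmic_uid(uint32_t rid) { return (rid - RID_BASE) / 2; }
```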