The Well-Known sids on Samba

Jianliang Lu j.lu at tiesse.com
Fri May 14 08:35:20 GMT 2004


The well-known SIDs for NT Authority users on Windows NT/XP, 
such as "Dialup", "Interactive" and "Network", are all type 5, but on Samba they are 
type 4. I'd like to know whether there is a reason why Samba's 
implementation differs from that of Windows.
Also, lookup_names is not implemented for those NT Authority users, 
such as "Interactive" and "Network"; the only name implemented 
is "Everyone", as a special case, while lookup_sids is implemented for those 
well-known SIDs. I've patched lookup_names to respond correctly to an 
lsa or samr query for all well-known SIDs, but I'm not sure whether it is correct. 
Any comments will be appreciated.

Patch:
--- passdb/util_sam_sid.c.orig   Tue May 11 15:03:04 2004
+++ passdb/util_sam_sid.c    Thu May 13 16:53:06 2004
@@ -56,16 +56,16 @@
    {0, (enum SID_NAME_USE)0, NULL}};

 static const known_sid_users nt_authority_users[] = {
-   {  1, SID_NAME_ALIAS, "Dialup" },
-   {  2, SID_NAME_ALIAS, "Network"},
-   {  3, SID_NAME_ALIAS, "Batch"},
-   {  4, SID_NAME_ALIAS, "Interactive"},
-   {  6, SID_NAME_ALIAS, "Service"},
-   {  7, SID_NAME_ALIAS, "AnonymousLogon"},
-   {  8, SID_NAME_ALIAS, "Proxy"},
-   {  9, SID_NAME_ALIAS, "ServerLogon"},
-   { 11, SID_NAME_ALIAS, "Authenticated Users"},
-   { 18, SID_NAME_ALIAS, "SYSTEM"},
+   {  1, SID_NAME_WKN_GRP, "Dialup" },
+   {  2, SID_NAME_WKN_GRP, "Network"},
+   {  3, SID_NAME_WKN_GRP, "Batch"},
+   {  4, SID_NAME_WKN_GRP, "Interactive"},
+   {  6, SID_NAME_WKN_GRP, "Service"},
+   {  7, SID_NAME_WKN_GRP, "AnonymousLogon"},
+   {  8, SID_NAME_WKN_GRP, "Proxy"},
+   {  9, SID_NAME_WKN_GRP, "ServerLogon"},
+   { 11, SID_NAME_WKN_GRP, "Authenticated Users"},
+   { 18, SID_NAME_WKN_GRP, "SYSTEM"},
    {  0, (enum SID_NAME_USE)0, NULL}};

 static const known_sid_users builtin_groups[] = {
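Review bot: The switch from `SID_NAME_ALIAS` to `SID_NAME_WKN_GRP` on the ten NT Authority entries changes the type every consumer of this table sees, and the patch does not show the callers that compare against `SID_NAME_ALIAS` being checked. Code that decides how to treat a SID by its type (presumably SID-to-unix-id mapping or ACL handling) may take a different branch for these entries afterwards, so those sites should be audited for a `SID_NAME_WKN_GRP` case. The table that closes just above the hunk and `builtin_groups` below are untouched; confirm that their types are consistent with this one. A comment above the table would record the intent, e.g. `/* NT Authority well-known SIDs: reported as SID_NAME_WKN_GRP (type 5) to match Windows */`.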
@@ -294,6 +294,7 @@
            continue;

        for (j=0; users[j].known_user_name != NULL; j++) {
+           DEBUG(10,("map_name_to_wellknown_sid: compare %s\n", users
[j].known_
user_name));
            if ( strequal(users[j].known_user_name, name) ) {
                sid_copy(sid, sid_name_map[i].sid);
                sid_append_rid(sid, users[j].rid);
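Review bot: The added `DEBUG(10, ...)` prints only the table entry, once per entry, so a level-10 log lists the whole table on every lookup but never shows the name that was requested. One message per call that includes the query would be more useful for tracing a name resolution, e.g. `DEBUG(10,("map_name_to_wellknown_sid: looking up %s\n", name));` placed before the outer loop. The statement is also wrapped across three lines in this mail, so the hunk will not apply as posted. The enclosing function starts and ends outside the hunk.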
@@ -318,3 +319,4 @@

    return;
 }

--- passdb/passdb.c.orig    Tue May 11 15:03:04 2004
+++ passdb/passdb.c Thu May 13 17:45:29 2004
@@ -816,10 +816,12 @@
 {
    extern DOM_SID global_sid_World_Domain;
    DOM_SID local_sid;
+   DOM_SID sid;
    fstring user;
    SAM_ACCOUNT *sam_account = NULL;
    struct group *grp;
    GROUP_MAP map;
+   enum SID_NAME_USE type;

    *psid_name_use = SID_NAME_UNKNOWN;

@@ -836,10 +838,13 @@
     * Special case for MACHINE\Everyone. Map to the world_sid.
     */
-   if(strequal(user, "Everyone")) {
-       sid_copy( psid, &global_sid_World_Domain);
-       sid_append_rid(psid, 0);
-       *psid_name_use = SID_NAME_ALIAS;
+   if (map_name_to_wellknown_sid(&sid, &type, user)){
+       fstring sid_str;
+       sid_copy( psid, &sid);
+       *psid_name_use = type;
+       sid_to_string(sid_str, &sid);
+       DEBUG(10,("lookup_name: found %s for %s, type = %u\n", sid_str, user,
(un
signed int)type));
+
        return True;
    }
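Review bot: The new `map_name_to_wellknown_sid(&sid, &type, user)` call receives only the user component and returns `True` before any local lookup, so every name in the well-known tables now takes precedence over a local account or group of the same name, whatever domain part the client supplied. Names such as "Service", "Proxy" or "Batch" are plausible local account names, and resolving them to an NT Authority SID changes which principal an ACL edit or lookup ends up referring to. The call should either be restricted to the domain parts for which these names are valid or the precedence should be stated explicitly. The comment above still reads "Special case for MACHINE\Everyone" and should be updated, e.g. `/* Well-known names (Everyone, NT Authority entries) are resolved first and shadow local accounts of the same name. */`. The type returned for "Everyone" now comes from the table rather than the former hard-coded `SID_NAME_ALIAS`, and `extern DOM_SID global_sid_World_Domain;` in the previous hunk looks unused unless the rest of the function, which lies outside these hunks, still references it.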
-----

Jianliang Lu
TieSse s.p.a.     Ivrea (To) - Italy
j.lu at tiesse.com   luj at libero.it
http://www.tiesse.com

