New approach to "valid users" fix

simo idra at
Sat Aug 12 19:42:34 GMT 2006

On Sat, 2006-08-12 at 13:56 -0500, Gerald (Jerry) Carter wrote:

> It's a pretty big bug actually if you copy files from
> the Samba box to a local NTFS partition on a Windows
> client.  We'll have to fix this, but I need to think
> about it some.

I think that part of the problem is that we don't let idmap do it's work
alone, but often we check for idmap ranges outside of idmap instead of
just trusting what idmap does.
I think that idmap ranges should be checked only inside idmap by the
modules that really depends on them, and let the user decide whether to
enforce them or not (or perhaps use them as filters) for modules that do
not control the mappings (or potentially don't) like idmap_ad and

We can probably not get as far as changing this for idmap_ad/idmap_ldap
in 3.0.23c, but we can probably remove some of the checks that are done
in wrong places like these:

lookup_sid.c:1126 uid_to_sid()
winbindd_sid.c:297 winbindd_uid_to_sid()
lookup_sid.c:1171 gid_to_sid()
winbindd_sid.c:424 winbindd_gid_to_sid()

But in the end this is probably matter for 3.0.24.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at

More information about the samba-technical mailing list