Do SID and UID mapping need to be one-to-one ?

Gerald (Jerry) Carter jerry at samba.org
Tue Nov 7 17:31:37 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Copying the ml back to the CC list:

sambatech.20.nirsoffer at spamgourmet.com wrote:

>> We don't support this in the general sense in Winbindd.
>> We need to be able to derive the name/SID/uid of a user
>> given only piece of the triple.  And the mapping must
>                                    ^^^^^^^^^^^^^^^^^^^^
>> be symmetric.
>   ^^^^^^^^^^^^^
> 
> Why must the mapping be symmetric? If for instance:
> 
> SID(a)->UID(1)
> SID(b)->UID(1)
> UID(1)->SID(a)
> 
> Then indeed converting SID(b) to UID(1) and then the 
> inverse will result in SID(a), but why is that a problem?
> Is there a compelling reason that the mapping be symmetric?
> I simply can't understand why Samba needs to assume that.

For example, How do you know what SID to report in a security
descriptor for a file?  You have to convert the uid to to a SID.
You say that you solve this by choosing the last logged on user.
What does that mean anyways?  desktop login?  smbd connection?


> So just to make sure I understand - the assumption that 
> the mapping is symmetric is to have consistency OUTSIDE Samba,
> and is not an assumption that Samba relies on? I'm only
> asking because I see it is asserted in the code.

You can do anything you like with the code under constraints
the GPL, but this type of design would not be accepted back
into the main tree.   :-)





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFUML5IR7qMdg1EfYRAoiPAKCmH8L+W+ojIxzuavKW3iP3WKiilgCeIIY0
YzWnwuskWymTRK78uGYr2yA=
=8ci/
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list