[PATCH] s3:winbindd: Do not use domain SID from LookupSids for idmap
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Sep 8 14:21:14 MDT 2014
On Thu, Sep 04, 2014 at 01:25:43PM -0700, Christof Schmitt wrote:
> The attached patch fixes a proble where invalid id mappings have been
> used for objects that have been migrated from another domain. LookupSids
> returns the SID of the new domain where the migrated object resides, and
> the problem is that this domain SID cannot be combined with the original
> RID. The RID likely has changed during the migration.
Can you give examples? I think I don't fully understand what
is going on here.
> + struct dom_sid *orig_sid = &state->non_cached[i];
> + struct lsa_DomainInfo *lsa_dom =
> + &state->domains->domains[n->sid_index];
> +
> + if (!dom_sid_in_domain(lsa_dom->sid, orig_sid)) {
One question regarding this if-statement: Do we need it at
all functionally? Performance-wise couldn't we play tricks
to copy orig_sid into lsa_dom->sid?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list