[PATCH] s3:winbindd: Do not use domain SID from LookupSids for idmap

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Sep 8 14:21:14 MDT 2014

On Thu, Sep 04, 2014 at 01:25:43PM -0700, Christof Schmitt wrote:
> The attached patch fixes a proble where invalid id mappings have been
> used for objects that have been migrated from another domain. LookupSids
> returns the SID of the new domain where the migrated object resides, and
> the problem is that this domain SID cannot be combined with the original
> RID. The RID likely has changed during the migration.

Can you give examples? I think I don't fully understand what
is going on here.

> +		struct dom_sid *orig_sid = &state->non_cached[i];
> +		struct lsa_DomainInfo *lsa_dom =
> +			&state->domains->domains[n->sid_index];
> +
> +		if (!dom_sid_in_domain(lsa_dom->sid, orig_sid)) {

One question regarding this if-statement: Do we need it at
all functionally? Performance-wise couldn't we play tricks
to copy orig_sid into lsa_dom->sid?


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list