[PATCHES] winbindd: fix sid->xid for SID History SIDs
Uri Simchoni
uri at samba.org
Tue Mar 28 07:38:11 UTC 2017
On 03/20/2017 06:49 AM, Uri Simchoni via samba-technical wrote:
> Hi,
>
> We few weeks ago we've discussed SID history and id-mapping -
> https://lists.samba.org/archive/samba-technical/2017-February/118771.html.
>
> Attached is a proposed initial fix for the issue, which focuses on
> avoiding wrong results.
>
> The fix finds the domain of the SID by resolving a SID with same domain
> component and an RID of 513 (domain users), which hopefully never gets
> migrated.
>
> We've discussed other means such as smb.conf stuff or netsamlogon - I
> think those methods can come on top of this method, because if they
> don't work we should always fall back to something. The added resolving
> doesn't cost much because it's in the same round-trip.
>
> The key thing about this fix is that doesn't try to translate sid->xid
> in any possible case (such as when old domain is gone and forgotten), it
> just avoids getting the *wrong* result. As such, it's a good minimal fix
> that can be applied to stable versions. For master, we can add the
> smb.conf-based stuff, that will support more cases.
>
> Review appreciated.
> Thanks,
> Uri.
>
Ping...
Correction to the above text - the fix doesn't try to translate sid->xid
in *every* possible case, it just avoids getting wrong results.
More information about the samba-technical
mailing list