[patch] clean up sid when writing to tdb
Philipp Gesang
philipp.gesang at intra2net.com
Mon Oct 15 09:55:34 UTC 2018
Hi Volker, hi Andrew,
thanks for having a look.
-<| Quoting Andrew Bartlett via samba-technical <abartlet at samba.org>, on Saturday, 2018-10-13 07:55:18 PM |>-
> On Fri, 2018-10-12 at 18:26 +0200, Volker Lendecke via samba-technical
> wrote:
> > On Fri, Oct 12, 2018 at 05:04:32PM +0200, Philipp Gesang via samba-technical wrote:
> > > Hey guys,
> > >
> > > I’d appreciate feedback on the attached patch.
> >
> > Shouldn't we just store the required bytes determined with
> > ndr_size_dom_sid() and ndr_push/pull_dom_sid? This has the obvious
> > upgrade issues, but maybe we can handle that somehow.
How much bug-for-bug compat with Windows is the goal here?
I’ve had the SID handling checked by kind colleagues who are
more versed in Windowsy things. These are the observations:
- Roundtrip conversion (string → pSID / CSid → string) preserves
extraneous SubAuth’s beyond what the SubAuthCount indicates.
- isValidSid() will reject a version != 1, but it won’t object to
additional SubAuth’s.
- copySid() too preserves extra SubAuth’s.
In any case, Windows happily includes extra SubAuth’s when
copying or converting to string whereas Samba’s sid_copy() and
dom_sid_string() do drop them.
> Volker,
>
> You are quite correct, pushing a buffer is a really bad idea. The structure is:
>
> struct dom_sid {
> uint8_t sid_rev_num;
> int8_t num_auths;/* [range(0,15)] */
> uint8_t id_auth[6];
> uint32_t sub_auths[15];
> }
>
> and so the sub_auths would be endian-dependant.
>
> Not that we get much swapping of tdb files between hosts, but we are
> meant to be able.
>
> Note, while not directly relevant here, we will have to be more careful
> about this if we make broader use of lmdb, which is host endian
> dependent per
> https://blog.separateconcerns.com/2016-04-03-lmdb-format.html
>
> Now as to how to fix this while being backward and forward compatible
> and portable across byte orders? Trickier.
Best,
Philipp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20181015/3ee4cece/signature.sig>
More information about the samba-technical
mailing list