[Samba] Re: Any plans to fix Bug 1139 in 3.0.3?
jdev at panix.com
Mon Mar 29 18:35:28 GMT 2004
Andrew Bartlett <abartlet at samba.org> writes:
> I understand the issue here (I asked for it to be filed).
> The issue is that the SID->??? code can get confused, because we have
> not got 'sid_to_id' code, that can return any kind of id. Instead, we
> can call sid_to_uid(), which will fallback to nasty incorrect values,
> before we try sid_to_gid().
I don't see anything in sid_to_uid or local_sid_to_uid that will do
any kind of fallback if a local SID isn't in the passdb. If the call
to pdb_getsampwuid fails, local_sid_to_uid returns False to
sid_to_uid, which then returns NT_STATUS_UNSUCCESSFUL.
The _to_gid equivalents, however, do fall back on algorithmic mapping
for any local SID with an odd RID, which I assume is because groups
don't need any special registration with Samba the way users do, and
thus it makes sense to implicitly map them back and forth.
Therefore, unless I've missed something, swapping the calls in
create_canon_ace_lists should fix this bug without creating any new
dn: cn=Jed Davis, ou=tech, o=panix.com # "But life wasn't yes-no, on-off.
objectclass: person # Life was shades of gray, and rainbows
mail;personal: jdev at panix.com # not in the order of the spectrum."
mail;work: jld@/ # -- L. E. Modesitt, Jr., _Adiamante_
More information about the samba