LookupAccountSid&LookupAccount (fwd)
Jeremy Allison
jallison at whistle.com
Mon Jun 1 16:58:45 GMT 1998
Luke Kenneth Casson Leighton wrote:
>
> SID_NAME_USE can be:
>
> SidTypeUser
> SidTypeGroup
> SidTypeDomain
> SidTypeAlias
> SidTypeWellKnownGroup
> SidTypeDeletedAccount
> SidTypeInvalid
> SidTypeUnknown
>
> BTW: Jeremy in his last mail is proposing the same thing.
>
> SidTypeUser=1 and jeremy is proposing #define USER_RID_TYPE 0.
>
Well, as I'm allocating 3 bits then we only have 8 values
so starting at 1 would be a mistake, given the range above :-).
What I'd like to do is only allocate 2 bits, as the types
we actually care about are :
SidTypeUser, SidTypeGroup, SidTypeAlias, SidTypeWellKnownGroup.
This gives us more bits for the user and group values.
We should never generate SidTypeDeletedAccount, SidTypeInvalid
or SidTypeUnknown, and SidTypeWellKnownGroup is instantly
identifiable as it's RID is <1000.
> another alternative optimisation is to allocate blocks of RIDs (in groups
> of 0x400, for example) and have two files with ranges in them: one which
> specifies which batch of 0x400-spaced-out RIDs have been allocated as
> group RIDs; the other specifies which have been allocated as user RIDs.
>
> i would expect the group RIDs file to be small; the user RIDs file to be
> large(r).
This is not (IMHO) a viable option. It might work with 100, or
even 1000 users, but not with 10,000. Don't forget, there are
Samba sites being planned with 12,000 users - over 3000 simultaneous.
The lookup needs to be simple and fast, and completely free
of locking issues when multiple smbd are doing a lookup/mapping.
Files fail on all these counts :-).
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list