broken string_to_sid, sid_to_string
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Nov 25 17:56:14 GMT 1998
On Wed, 25 Nov 1998, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:
> >
> > On Wed, 25 Nov 1998, Luke Kenneth Casson Leighton wrote:
> >
> > > jeremy,
> > >
> > > as the string_to_sid() functions are broken, there is an opportunity _now_
> > > to fix them even more proplerly.
> > >
> > > these functions read the rid components in decimal, they should not: they
> > > should read in hex.
> > >
> > > can we fix this?
> >
>
> Well now I'm adding strtoul in lib/replace and have used it in
> the fix I'm about to checkin the answer is yes.
>
> > ... by reading from SAM.SID (and ignoring MACHINE.SID, or preferably
> > deleting it) and generating SAM.SID rid components in hex, like they
> > should be?
> >
>
> The file SAM.SID does not exist (as far as I know - unless you've
> invented a new file ?). The machine sid is stored in MACHINE.SID.
no i haven't, however i mention that i think we _should_ ignore
MACHINE.SID if we choose to go ahead with the fix to sidstr code
(described below) and move to SAM.SID insead. and the contents of SAM.SID
should have its rid components in hex _without_ leading "0x"s on them.
> > the format for S-xxx is S-1-5-20-xxx-yyy-zzz NOT S-1-5-32-xxx-yyy-zzz, and
> > this is really confusing and wrong.
>
> Ok - but for backwards compatibility with existsing
> files it needs to be coded as :
>
> S-1-5-32 --- read as base 10.
>
> S-1-5-0x20 --- read as base 16.
>
> Happy ?
not exactly, although this is better than a kick in the teeth.
we have a window of opportunity to not have to do a
backwards-compatibility job due to the fact that the bugs found in
string_to_sid and sid_to_String cause 82.5%, by probability, of all
current alpha and beta users, problems with joining a domain, after the
bug is fixed.
given that this is the case, we might as well fix sid_to_string and
string_to_sid to match what microsoft defines the S-1-5-... format to be,
namely that all rid components are in hex, _without_ the 0x in front.
your call, jeremy.
More information about the samba-technical
mailing list