svn commit: samba r12293 - in trunk/source/utils: .

Sat Dec 17 09:23:29 GMT 2005

Hi, Jeremy!

Moving this to the list, this is more general.

Anyone having a vague memory of the voyager discussions please read this mail
and comment :-)

On Fri, Dec 16, 2005 at 04:24:09PM -0800, Jeremy Allison wrote:
> > lookup_name().
> 
> Ok thanks - I'll try and look into that. Is lookup_name() the
> generic mechanism I should be using for this ? Is it safe
> to use within user level code (ie. in code like smbclient) ?
> Will it contact winbindd if it's a "foreign" sid or talk to
> the local smbd to lookup a sid with our local or domain prefix ?

Moving lookup_name to lib/ is a good thing I think. I think then lookup_sid(s)
should also be moved there.

Internally we should work towards getting rid of names as much as possible,
convert names to sids as early as possible. One reason I found is for example
auth/auth_util.c:735. We take a decision where to look for additional groups
based on the username, which is wrong. A customer of mine needs to use locally
defined aliases on a member together with 'winbind use default domain'. No
separator in the name, so nobody asks winbind to expand the aliases. No alias
shows up in the token. Boom. If we had passed down a SID to this function then
a sid_check_is_in_our_domain would have given the right answer.

That's why I want to see only one single use for lp_winbind_separator() for
dissecting a name: In lookup_name. And that as early as possible in the game,
when the name comes from the net. This also has the potential to make error
checking more correct: In a routine close to the user we look up the name and
expect a user. When it is something different or does not exist, we can
probably return a more correct error message.

I also think this is a more correct way to attack the passdb mess we have than
voyager was. Group mapping as it stands is broken, but completely replacing it
is probably too radical. In particular changing all the LDAP databases around
is not an option. But when we could really REMOVE pdb_getsampwnam(),
pdb_getgrgid() and pdb_getgrgid() I think we could win a lot of clarity. Moving
pdb_getsampwsid to a rid-based function is a little step. pdb_getgrsid and the
alias handling functions need to stay sid-based, they also have to take care of
S-1-5-32. But when we are more SID-based internally this becomes a lot more
obvious than it is now.

This is a change in behaviour, and has the potential to break some
installations. For example if both a group "foo" and a user "foo" does exist in
Unix, in routines where we *know* the name should represent a group (callers of
nametogid() for example) would break. I'm not sure how to handle that case in a
sane way. But I do think it is necessary to really straighten our name<->sid
mapping towards what Windows does, this has led to way too much confusion and
bugs in the past.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20051217/90d6a5a6/attachment.bin