svn commit: samba r21881 - in branches/SAMBA_3_0/source:
nsswitch passdb
James Peach
jpeach at samba.org
Tue Mar 20 02:48:46 GMT 2007
On 19/03/2007, at 7:36 PM, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> jpeach at samba.org wrote:
>> Author: jpeach
>> Date: 2007-03-20 00:13:42 +0000 (Tue, 20 Mar 2007)
>> New Revision: 21881
>>
>> WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?
>> view=rev&root=samba&rev=21881
>>
>> Log:
>> Make sure we are very specific when testing whether a backand can
>> handle a
>> particular SID. Make sure that the passdb backend will accept the
>> same set
>> range of local SIDs that the idmap system sends it.
>>
>> Simo, Jerry - this is a 3_0_25 candidate. Can you please review?
>
> The change to winbindd_util.c looks ok.
>
> I'm not sure about the pdb_interface though. This allows the
> passdb sid_to_id function to resolve things like NT_AUTHORITY to
> a gid which is definitely a change in behavior. Do the WKN sids
> really need to be mapped to a gid. In the past these have only
> been on concern in the NT_USER_TOKEN.
Open Directory maps these well-known SIDs by default:
S-1-5-11
S-1-5-13
S-1-5-18
S-1-5-1
S-1-1-0
S-1-3-1
S-1-5-4
S-1-5-2
S-1-3-0
I guess the alternative to pushing these through to the passdb
backend would be to let the default idmap module handle them. I
figured that this would break the local vs remote division though.
--
James Peach | jpeach at samba.org
More information about the samba-technical
mailing list