Andrew Bartlett <[EMAIL PROTECTED]> writes: > I understand the issue here (I asked for it to be filed). > > The issue is that the SID->??? code can get confused, because we have > not got 'sid_to_id' code, that can return any kind of id. Instead, we > can call sid_to_uid(), which will fallback to nasty incorrect values, > before we try sid_to_gid().
I don't see anything in sid_to_uid or local_sid_to_uid that will do any kind of fallback if a local SID isn't in the passdb. If the call to pdb_getsampwuid fails, local_sid_to_uid returns False to sid_to_uid, which then returns NT_STATUS_UNSUCCESSFUL. The _to_gid equivalents, however, do fall back on algorithmic mapping for any local SID with an odd RID, which I assume is because groups don't need any special registration with Samba the way users do, and thus it makes sense to implicitly map them back and forth. Therefore, unless I've missed something, swapping the calls in create_canon_ace_lists should fix this bug without creating any new ones. -- dn: cn=Jed Davis, ou=tech, o=panix.com # "But life wasn't yes-no, on-off. objectclass: person # Life was shades of gray, and rainbows mail;personal: [EMAIL PROTECTED] # not in the order of the spectrum." mail;work: jld@/ # -- L. E. Modesitt, Jr., _Adiamante_ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba