passdb.c and nmbd

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Nov 26 00:41:59 GMT 1998


ok, we have a linking issue due to a bug-fix.  i need to use
lookup_user_rids() in passdb/smbpass.c.  this function is in
rpc_server/srv_lookup.c.  this function requires references in
rpc_server/srv_sid.c, rpc_parse/*.c, become_root() in smbd/uid.c etc etc.

in other words, we're marginally stuffed.

because:

a) if we fix this, then in certain instances the lookup_user_rids() call
will make, in the future, a _client_ call (LsaLookupSids) to its PDC,
which is going to block nmbd

b) if we un-fix this (by removing $(PASSDB_OBJ) from nmbd) then we lose
the ability to resolve usernames in nmbd/process_logon.c:
process_logon_packet().

however, actually, b) should ideally be done with a client-side call
(NetSamLogon, which is sent using cli_nt_login_interactive() ah, can't do
that as we don't have the user's password but you get the idea) on a
similar basis to async_dns.c

ok, instead of NetSamLogon it needs to be... a... samr call.  darn, there
isn't one, you'd have to enumerate all users to get the RIDs and then look
up by RID.


actually, it would be a *lot* simpler to add the "Primary NT Group RID" to
private/smbpasswd!!!



what's the issue (why is this problem occurring in the first place)? well,
i just made a user's "Primary NT Group RID" a local group not a domain
group (created a local group called "NTlocalgroup").

that group maps to a UNIX group.  we (i) had always assumed that a user's
primary group would always be a "Domain" group, so we call
pwdb_gid_to_group_rid(smb->unix_gid).

this is wrong.

depending on whether the unix group maps to an nt domain group or an nt
local group we need to call pwdb_gid_to_group_rid() or
pwdb_gid_to_alias_rid() respectively.  and the only way to do that is to
do a lookup_sid() call.

argh.

so, the choices are not very nice.  and yes, we have to deal with them.
but, like jeremy's been saying recently, not right now or at least not by
him (how's the 2.0 betas going, jeremy? :-)

luke


