Patches to head (become_root and some RPC stuff)

[Michael Stockman]

> > Hello,
> >
> > > do people agree that this is a good idea?  [splitting passwords
out
> > into
> > > private/DOMAINNAME.user1.mac private/DOMAINNAME.user2.mac]
> > >
> > > does someone want to write a private/sampasswd module, as this
would
> > be a
> > > good opportunity to do this.
> >
> > No, this idea is probably wrong. The idea, as put forth in the
> > previous discussion,
>
> i missed it.  i have 750 messages and increasing, and no time to
read
> them.
>
>
> > is to protect the password hashes and this
> > exposes them to user interference. What we need is actually only
one
> > file with public user information and one with restricted (such as
> > passwords).
>
> hmmm... but there is actually so little info in private/smbpasswd
that
> this seems like a lot of effort to go to, unless you actually extend
the
> "public" information.  most of the "public" information currently
comes
> from smb.conf options and /etc/passwd.

Well, what we have is a number of fields that tell which unix users
are NT users and some more. How much more data we may want to add in
the future, I don't know. I suppose though that there is some data
that would be much appreciated, such as maximum allowed simultaneous
logins. There is probably more.

An appealing idea is to make the the information interchangeable
between two files, through configuring smb.conf, so that the admin
could actually configure what goes in which file. It is probably also
wise to make things as future safe as possible. I could probably do
this (the become_roots are gone and I'm anyway only creating troubble
for everyone in the RPC section), as it's a limited task and I believe
in it. I will need to know which inferface is needed between the db
functions and samba. (I find the current code hard to read, it's
really a matter of laziness).

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se