dce/rpc "client" api
jeremy at valinux.com
jeremy at valinux.com
Tue Aug 22 14:50:26 GMT 2000
On Tue, Aug 22, 2000 at 03:42:07PM +0200, Sander Striker wrote:
> But I don't
> think it's a good idea to implement something twice if it has been
> done right (especially when this is done because someone doesn't
> understand the code <- this has actually happened).
I think you mean the se_access_check code here. Tim
re-implemented that without looking at the TNG code,
that's true. But when I fixed it according to the
correct NT security algorithm, I found it was very
similar to what was already in TNG.
However, what was in TNG would not have worked in
HEAD. TNG carries arround a full NT user3 struct
associated with each vuid - this is definately not
neccessary and complicates the interface way more
than is needed (all you need is the SID lists for
the user to do access checks, and that is what it
carried around in HEAD). Strangely enough, I copied
this idea from the NT internals book :-).
So looking at the TNG code here would have helped,
but the code in TNG could not have been used as-is.
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list