dce/rpc "client" api
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Aug 23 08:00:46 GMT 2000
> HEAD. TNG carries arround a full NT user3 struct
> associated with each vuid - this is definately not
> neccessary and complicates the interface way more
> than is needed (all you need is the SID lists for
> the user to do access checks, and that is what it
> carried around in HEAD).
take a look at api_NetWkstaUserInfo. what parallels do you see between
the data returned and the full NT user3 struct?
to my eye, they look pretty much the same.
now compare api_NetWkstaUserInfo in TNG and head. you will see that one
"fakes" up the info returned, whilst the other returns the _correct_ info
as obtained from the NT user3 struct made by the SamrNetLogon call
required to authenticate the user in reply_sesssetupx().
so now you realise _why_ TNG carries around what you consider to be
however, i do realise that it is not entirely suitable to use in
se_access_check(), which leaves a minor inconvenience of converting
USER_INFO_3 to whatever format you and others have selected as suitable -
without any public discussion, i might add - for se_access_check.
> Strangely enough, I copied this idea from the NT internals book :-).
> So looking at the TNG code here would have helped,
there have been so many more instances of this, jeremy, it is so unreal
you would not believe it. enough of these piled up over the last few
years that, as you are aware, i finally gave up.
> but the code in TNG could not have been used as-is.
so, work _with_ me to develop a suitable implementation instead of
discarding, obseleting and reimplementing useful work.
More information about the samba-technical