[samba-tng] sam tdb status

[Luke Kenneth Casson Leighton]

well, i have to say it: this is scarily fun.  i have almost all the user
functions working - already!  i'm missing samr_query_userinfo level 0x10,
samr_query_usergroups and samr_query_useraliases.  i think i need to
create a new database for query_usergroups and query_useraliases, and i
just _know_ it's going to cause problems to keep them up-to-date with the
alias database and group database, and i haven't even started on that,
yet.

algorithm to add a user to a group:

lock group db
lock user db

add user RID to group
add group to user RID

unlock user db
unlock group db

similar thing for aliases.

i don't _know_ if there's a means to add a group to a user db (equivalent
to setting a user's groups).  samr_set_usergroups just doesn't... seem to
exist!  maybe i've missed it over-the-wire in my USRMGR analysis [for two
years].  i know i haven't got samr_set_groupinfo() or samr_set_aliasinfo()
and i have netmon traces for those.  hmm...

_fortunately_, you cannot delete groups without the members bein empty,
which _fortunately_ means that the manual deletion of all users from a
group will also result in all those groups being delete from the user db
entries, too.  means that the group db will be consistent with the user
db.  hey, the nt sam team are smart!

you think microsoft's code is clunky, until you actually get
down-and-dirty and try to implement something similar yourself, and it
then gets really hairy and you end up with explanations for the way it all
works and a lot of respect for nt.

luke

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals