Elrond at Wunder-Nett.org
Thu Feb 3 14:03:24 GMT 2000
On Thu, Feb 03, 2000 at 01:19:33PM +1100, Luke Kenneth Casson Leighton wrote:
> sander's doing netlogon conversion, he's just gone to sleep.
> elrond's doing lsarpc conversion, he doesn't like the msdn api format, but
> then again, neither do any msdn developers like lsa_lookup_sids and
> [elrond, would you be happy with a client-side "wrapper" function that
> looks like rpc_client/cli_lsarpc.c's lsa_lookup_names?]
Okay, since you really want the msdn-API here, I've now
decided to do the following:
I'll write _lsa_lookup_sids() with the msdn-API (or more
precisely, an "on-the-wire-API"). and that one will then
call _lsa_lookup_sids_real(), which has a nicer API:
uint32 num_sids, DOM_SID *sids,
UNISTR2 ***domain_names, DOM_SID ***dom_sids,
So we will even have "wrappers" (this one is a bit more
then a wrapper, it has to do real work) on the server-side.
And I want the same API on the client-side too (it may be a
My current problem is still lsa_lookup_names, cause I
haven't yet made up a nice api, that then could be wrapped
by the on-the-wire-API. (The problem are ambiguities, that
I've got to sort out)
> sean millichamp's first foray into programming for a while resulted in
> srvsvc conversion, he even had fun doing it.
> lars volunteered for srv_reg.c, and is having the same conceptual
> difficulties with the task to be carried out that sean _used_ to have
> before sander explained in a mini HOWTO (Thx sander)!
> luke howard hates passdb/*.c and groupdb/*.c as much as i do. he's not
> touched the pre-existing schema so he's created an nt5ldap schema. it all
> works, but falls down silly in exactly the same way that the smbpsswd API
> samrd does (i.e without --with-ldap).
> luke also liked the surs thing so much he wrote a surs_nt5ldap_sid_to_uid
> function - in 20 lines of code. YESS :)
> i'm also trying to get luke h. to write a samrnt5ldapd, but he coded
> himself silly on the passdb/ groupbd/ version so needs a rest. i'm also
> encouraging him to "track" what i do for samtdbd, so he doesn't have to
> waste effort.
> i'm _trying_ to write samtdbd, but the rest of you are so busy in the
> mornings (when i'm not even up) that i had 100 email messages when i
> _started_ work and they just kept on coming...
> anyway, i got usrmgr to actually display a user-dialog today.
> i have two outstanding problems, one of which is how to make the user
> passwords secure even though the database itself may be accessible
> read-only (just like /etc/passwd is). i have an idea, i'll post an rfc in
> a separate message.
As I already wrote to you, why don't you put them in an
extra database, like unix does it nowadays (/etc/shadow,
/etc/security/passwd, etc.), and make that 700, owned by
> the other one is how to do a SamrQueryUserInfo() at level 0x18 on local
> loopback but NOT on network access.
> i not sure...
More information about the samba-technical