[samba-tng] status

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Feb 3 17:16:46 GMT 2000


On Thu, 3 Feb 2000, Elrond wrote:

> On Thu, Feb 03, 2000 at 01:19:33PM +1100, Luke Kenneth Casson Leighton wrote:
> > ok.
> > 
> > sander's doing netlogon conversion, he's just gone to sleep.
> > 
> > elrond's doing lsarpc conversion, he doesn't like the msdn api format, but
> > then again, neither do any msdn developers like lsa_lookup_sids and
> > lsa_lookup_names.
> > 
> > [elrond, would you be happy with a client-side "wrapper" function that
> > looks like rpc_client/cli_lsarpc.c's lsa_lookup_names?]
> 
> Okay, since you really want the msdn-API here, I've now
> decided to do the following:
> 
> I'll write _lsa_lookup_sids() with the msdn-API (or more
> precisely, an "on-the-wire-API"), and that one will then
> call _lsa_lookup_sids_real(), which has a nicer API:
> 
> _lsa_lookup_sids_real(...,
>                       uint32 num_sids, DOM_SID *sids,
>                       uint32 *num_names,
>                       UNISTR2 ***domain_names, DOM_SID ***dom_sids,
>                       UNISTR2 ***names)
> 
> So we will even have "wrappers" (this one is a bit more
> than a wrapper, it has to do real work) on the server-side.
> 
> And I want the same API on the client-side too (it may be a

oh yehh, i like it.

> > i have two outstanding problems, one of which is how to make the user
> > passwords secure even though the database itself may be accessible
> > read-only (just like /etc/passwd is).  i have an idea, i'll post an rfc in
> > a separate message.
> 
> As I already wrote to you, why don't you put them in an
> extra database, like unix does it nowadays (/etc/shadow,
> /etc/security/passwd, etc.), and make that 700, owned by
> root.

give me a while, i'll think of some merits for that over the next few
days.


