CVS update: samba/source/passdb
Jean Francois Micouleau
Jean-Francois.Micouleau at dalalu.fr
Mon Nov 27 17:35:01 GMT 2000
On Sun, 26 Nov 2000, Gerald Carter wrote:
> Tim Potter wrote:
> >
> > Eeek! This is not the correct way to look up names as it isn't
> > portable across non-English NT machines - just ask Mr JF
> > Administrateur about it. (-:
> >
> > The correct way (which also indirectly solves this lookup
> > problem) is to construct a sid using global_sam_sid and append a
> > well known RID value from rpc_misc.h:
> >
> > DOMAIN_USER_RID_ADMIN for the administrator user
> > DOMAIN_GROUP_RID_ADMINS for the Administrators group
> >
> > and so on.
I would add even that is not the *correct* way. The correct solution would
be to build the privilege mask of the user's NT_TOKEN and compare that to
the desired or the required minimum mask.
That mean we need to store such a beast somewhere (that's an hint to why
I'm soo slow to write the group mapping code)
J.F.
More information about the samba-technical
mailing list