Updating samr code...

Jeremy Allison jeremy at valinux.com
Sun Feb 18 20:34:44 GMT 2001


On Sun, Feb 18, 2001 at 12:37:54PM +0100, Jean Francois Micouleau wrote:

> because we don't support domain group :-) So we can send the unix group
> list or a faked domain group list (domain admin, domain users).

Ok - I understand now, thanks.

> > The idea is that all the '_XXXX' functions take 3 args,
> > 1 - pipestruct, 2 - address of query struct parsed from packet,
> > 3 - address of reply struct to be marshalled into packet.
> 
> ok I get it. I'm ok with args 2 and 3, we don't follow the MS API, it's
> not a big deal. But for param 1, I'm a bit "mitigé" (don't know how to
> translate that): I agree with you, without totally agreeing :-)
> 
> I guess you want to pass the pipestruct for the user security context.
> Can't we just pass the user security context then ?

Well, after some hacking yesterday, the talloc context in the
rdata and data parts of the pipe struct are both the same, and
should be kept around intil the that part of the RPC data is
returned. I've just checked in a change to the srv_pipe_XX modules
to ensure that this is the case.

So we really need to get at the talloc context and the security
context - both of which are held in the pipe struct - we'll almost
certainly end up needing more - so why not just pass down the pipe
struct - looks cleaner (to me at least :-) :-).

> And instead of checking the SMB current authenticated user when the pipe
> user is null, can't we fill the pipe user with the current user ? 
>
> that way in the _XXX funcs, the user security context is always valid.

I need to think about this.... brain too full with rewrites at the
moment... :-).

> yep ! good point ! much cleaner.

Unfortunately this change breaks the current winbindd nsswitch
code - but it's so much cleaner I'm going to bug Tim to fix this
as I *really* want to make this change in smbd :-).

Cheers,

		Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------




More information about the samba-technical mailing list