source/rpc_server/srv_samr_nt.c: _samr_enum_dom_alises()

Buck Huppmann buckh at
Wed Jul 25 16:29:26 GMT 2001

just wondering if the call

       init_samr_r_enum_dom_aliases(r_u, q_u->start_idx, num_entries);

should look more like this

       init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_entries, num_entries);

as the corresponding call in _samr_enum_dom_groups() does? if one then
(perhaps inadvisedly) inserts

       if (num_entries == MAX_SAM_ENTRIES)
               r_u->status = STATUS_MORE_ENTRIES; /* not necessarily  */

after the call to get_group_alias_entries() one can get a full enumera-
tion of one's ``Local UNIX groups'' when one invokes the Add-ACL Explorer
interface. unfortunately, as JRA's comments in _samr_enum_dom_users()
indicates, this isn't quite as NT would like it and use of the IPC$
handle to then Show Users fails, but i'm keen to get at least this far
because we basically can get no use out of ACLs without at least this
much group-enumeration, point-and-click functionality for our users,
since trying to add domain SIDs from our NT PDC-controlled domain in
which our samba servers are joined up, even when their names correspond
to ``Local UNIX'' groups or users, doesn't work

in that regard (completely crossing over into samba@ list territory), if
we run winbindd without otherwise integrating it into our nsswitch-ed
infrastructure, would we get such functionality? or would winbindd map 
the requested SIDs into uids and gids not necessarily corresponding to 
the Local UNIX groups and users for the identically-named accounts?

thanks for any help forthcoming

More information about the samba-technical mailing list