CVS update: samba/source/rpc_server

Jeremy Allison jra at
Sat Nov 10 00:53:08 GMT 2001

On Sat, Nov 10, 2001 at 02:05:18PM +1100, Andrew Bartlett wrote:

> Note:  We do this already.  We already have the vuid cache, but I've
> never seen it cleaned.  As to read and read-write, I can see that
> getting a little messier.

Yes I know, it should be cleared. We actually need 3 caches,
read-only, read-write and no access.

> Instead, create a separate structure (a sec_ctx_id for arguments sake)
> and just use the vuid to look that sec_ctx_id up.  

That's what the 'user_struct' returned by the get_valid_user()
function was meant to be.

> So when a packet comes in, we do a conn & vuid lookup.  This gives us a
> pointer (or an id for lookup) to the security context to use, without
> further recalculation.  This would need a binary tree I think.  If this
> is done right, you could have one 'admin user = ' on a tid while another
> 'normal user' without interference. Hmm...

I don't think we can do this, as we need to know if a vuid has any of the
above (read/read-write/none) access on a conn. And we need to
look this up on a SMB request basis.

I do have an internal design for this as an extension of the
current vuid system. Unfortunately it's in my head right now.

You're definately thinking along the right lines.

BTW: I just wanted to say thanks for the auth re-write you've
done so far. When I was fixing the extra SID group bugs in 2.2
and HEAD it was *so much* easier to do correctly in HEAD as all
the correct information was already being passed around in the
structures you were using. Very impressive bit of design, thanks !


More information about the samba-technical mailing list