New sam system

Richard Sharpe rsharpe at ns.aus.com
Wed Jul 31 09:12:45 GMT 2002 

On Wed, 31 Jul 2002, Jelmer Vernooij wrote:

> [ Ok, I've switched off gpg signing for all samba lists... ]
> 
> Hi!
> 
> I'm working on the new sam system currently and was wondering whether
> the following patch should be applied to
> source/sam/SAM-Interface-handles.txt:

Well, I would say you should, since that seems to be a design document.
 
> -NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE **user)
> -NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE **user)
> +NTSTATUS sam_get_user_by_sid(NT_USER_TOKEN *access, uint32 access_desired, DOM_SID *usersid, SAM_USER_HANDLE *user)
> +NTSTATUS sam_get_user_by_name(NT_USER_TOKEN *access, uint32 access_desired, char *domain, char *name, SAM_USER_HANDLE *user)
> 
> 
> -NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME kickoff_time)
> -NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME pwd_last_set)
> -NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME pwd_can_change)
> -NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME pwd_must_change)
> +NTSTATUS sam_{get,set}_user_kickoff_time(SAM_USER_HANDLE *user, NTTIME *kickoff_time)
> +NTSTATUS sam_{get,set}_user_pwd_last_set(SAM_USER_HANDLE *user, NTTIME *pwd_last_set)
> +NTSTATUS sam_{get,set}_user_pwd_can_change(SAM_USER_HANDLE *user, NTTIME *pwd_can_change)
> +NTSTATUS sam_{get,set}_user_pwd_must_change(SAM_USER_HANDLE *user, NTTIME *pwd_must_change)
> 
> Btw.  What *exactly* do the NT_USER_TOKEN's do? Still don't get it :-/

The NT_USER_TOKEN is kind of your credentials. It specifies, AFAIK, the 
user's SID, Group SID, and the SIDs of all groups that user is a member 
of. So, it is like UID and GID array in UNIX. It can then be used to 
quickly and easily make access decisions when objects have ACLs attached 
to them.


Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org, 
sharpe at ethereal.com

More information about the samba-technical mailing list