[PATCH] sam backend parameter

Andrew Bartlett abartlet at samba.org
Thu Oct 3 01:02:00 GMT 2002

Simo Sorce wrote:

> Plus I have some questions about the current sam interface:
> - what is all the context thing needed for?

I don't like global variables, and this allows us to construct seperate
contexts for operations like sam2sam, and testing, without fiddiling
with global variables.

> - what is the handle thing needed for ?

Same as the SAM_ACCOUNT in pdb.  

> - what is access desired meant to do ? Authorization is a different
> thing then storage, a backend is a storage!

The SAM interface layer is the 'choke point'.  If we do not wan't nasty
races, then we must reterive things like the security descriptor with
the data it applies to.  This implies that the ACL checking code must
resise either in the SAM backend, or the SAM interface.  If we export it
above this layer, we *will* get places where we don't check it properly.

> - why do we insist to have a thing called unix accounts? It just does
> not make sense to me. We need "real" users/groups mapping instead
> (opposed to created on the fly by winbind based accounts).

I'm not sure what you mean here - the current code doesn't even know
about unix accounts.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list