Patch rpc samr "RemoveMemeberForeignDomain" on pre3

Gerald (Jerry) Carter jerry at samba.org
Tue Dec 2 01:02:07 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
> Gerald (Jerry) Carter wrote:
> 
>> I'll agree that we might be wrong here but I don't see the point of
>> "RemoveMemeberForeignDomain" duplicated the samr_del_aliasmem() call.
>> I think we need some more research here to see what we should do.
>>
>> We have a policy handle for the domain and are given a user SID.
>> Would you mind sending me the traces you have? Thanks.
> 
> 
> 
> btw...I take this back.  I found some logs and you're definitely
> right about the existing code.  I'm still not convinced about the 
> del_aliasmem but stranger things have been done in Redmond.

What I see in my log file is RemoveMemeberForeignDomain()
comes in with a handle to the BUILTIN domain (S-1-5-32)
and sends the SID for a domain group (S-1-5-21-X-Y-Z-1211).

So this definitely wouldn't be a del_aliasmem() call.
I think the call should remove the specified SID from all
groups in the domain (defined by the handle).  At least that's what
User Manager does.  I don't have a trace to confirm that there are 
individual delete user from group calls, but this is the only use that 
makes sense.  I'll code it up and check it in tonight hopefully.




- --
jerry
  ----------------------------------------------------------------------
  Hewlett-Packard            ------------------------- http://www.hp.com
  SAMBA Team                 ---------------------- http://www.samba.org
  GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/y+SPIR7qMdg1EfYRAs22AJoCzWolDYuAZa04uNK6yZ6abWSg6ACgmvDg
BnJ9jz0zpLS1bxkykXlmUQ8=
=EUcT
-----END PGP SIGNATURE-----




More information about the samba-technical mailing list