CVS update: samba/source/utils

[Rafal Szczesniak]

On Sat, Feb 28, 2004 at 10:26:50AM +1100, Andrew Bartlett wrote:
> On Sat, 2004-02-28 at 08:02, mimir at samba.org wrote:
> > Date:	Fri Feb 27 21:02:00 2004
> > Author:	mimir
> > 
> > Update of /home/cvs/samba/source/utils
> > In directory dp.samba.org:/tmp/cvs-serv4335/utils
> > 
> > Modified Files:
> > 	pdbedit.c 
> > Log Message:
> > Adding ability to operate on trust passwords to pdbedit. This enables
> > new functionality and testing interface for new pdb functions.
> > 
> > Also, quite a bit of objects is being added to pdbedit in order to make
> > it able to find domain sid automatically (if not given explicitly).
> > If such amount of "wisdom" is not required to be in pdbedit, I'll move
> > it to 'net' which will have this new functionality, anyway.
> 
> Please do not make 'pdbedit' call out to cli* functions.  For one, then
> you need to start adding all the authentication stuff.  If we want to
> manipulate domain trusts, that's fine - but it should be an offline
> activity at least as far as CIFS is concerned.  'net' is the place for
> online activity.

Yes, that was my concern, too. As I wrote, this automatic sid checking
is to be moved to 'net', so no need to be worried. This was mostly testing
new pdb function and I consider HEAD as proper place to work on completely
new stuff.

> If we are adding a new trust, I would really like to see 'net rpc join'
> generalised, so that we can 'net rpc join TRUSTDOM', and just mark the
> stored secret/joined account as such.

Surely. The new functions will be put in 'net rpc join' and 'net rpc establish'
in place of secrets_store_* stuff.

> If we must add a trusted domain with a password (like NT4 does), then
> simply modify code that might read that SID to behave the same way NT4
> does - have a 'verify' codepath, and a 'we just don't have the SID yet'
> codepath.

Clear. We've got the same ideas about that :)


cheers,
-- 
Rafal Szczesniak 
Samba Team member  http://www.samba.org