[PATCH] make 'required_membership_sid' accessible for
abartlet at samba.org
Tue Jul 13 13:30:07 GMT 2004
On Tue, 2004-07-13 at 19:24, Guenther Deschner wrote:
> attached is a new version that adds support for *any* type of sid to make
> successfull authentication dependend on (this works now for pam_winbindd and
> For this to work, I've added aliases to winbindd_getusersids()
> (winbindd_getgroups already enumerates gid-representations of aliases).
> It can be tested the easiest with ntlm_auth:
> Add W2K3TEST\Administrator to e.g. BUILTIN\Administrators.
> ntlm_auth --username=administrator --password=secret --domain=w2k3test
> The way get_user_sids gets all sids for the user is not very well done, I'm
> afraid. How could it be done cleaner?
Yes, it looks ugly. Why do you have a name->sid call in there? The
existing code already shows how to create a user sid from the RID in the
And instead of this:
+ /* lookup sids for user_sid */
+ fstrcpy(state->request.data.sid, sid_string_static(&user_sid));
+ if (!winbindd_getusersids(state))
+ return NT_STATUS_UNSUCCESSFUL;
You should patch the winbindd_getusersids() to have a wrapper, and a
function with 'normal' arguments, and call that from within winbindd.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040713/31d0feb2/attachment.bin
More information about the samba-technical