unixinfo.idl
Stefan (metze) Metzmacher
metze at samba.org
Wed May 18 15:46:31 GMT 2005
Volker Lendecke wrote:
> On Wed, May 18, 2005 at 03:51:53PM +0200, Stefan (metze) Metzmacher wrote:
>
>
>>BTW: all functions should use this toplevel structure, to handle future
>>updates and new info levels also I think it would make sense to return the
>>domain and account name too. or maybe add another info level to get this
>>info too
>
>
> After some irc talk metze helped me with the array definition for getpwuid,
> here is a revised version.
>
> Rationale:
>
> I want this interface to be as slim as possible. This is for winbind to a
> Samba PDC, period.
>
> As per tridge's idea this uses 64-bit unix id's, room for completely seamless
> expansion.
>
> getpwuid does not take an infolevel as this is a direct match for getpwuid(3).
>
> It does not return the name as this can be retrieved via
> sid2sid->lsa_sid2name. I'd like to avoid duplicate ways to get info. In this
> sense, the gecos field can also be avoided as we get the full name from
> queryuserinfo and querydispinfo level 1. This then ends up with replacements
> for just 'template homedir' and 'template shell'.
>
> The NTSTATUS per array element indicates that individual uid's could not be
> found by the DC.
>
> sid2uid & friends do not take and return arrays, as this is completely static
> information that is queried only once per ID.
>
> getpwuid takes an array as this will be queried repeatedly upon every
> enumerating call.
>
> Because the sid2[ug]id calls can trigger allocation of a unix id and getpwuid
> offers potentially sensitive information, this interface should only be
> available via schannel. It's not primarily for secrecy, more due to mutual
> authentication between DC and workstation.
I think it should be ok for everyone to ask, but only allocate new id's when the NTTOKEN of the
session user/workstation has the privilege.
--
metze
Stefan Metzmacher <metze at samba.org> www.samba.org