unixinfo.idl

Stefan (metze) Metzmacher metze at samba.org
Wed May 18 15:46:31 GMT 2005



Volker Lendecke wrote:
> On Wed, May 18, 2005 at 03:51:53PM +0200, Stefan (metze) Metzmacher wrote:
> 
> 
>>BTW: all functions should use this toplevel structure, to handle future
>>updates and new info levels also I think it would make sense to return the
>>domain and account name too.  or maybe add another info level to get this
>>info too
> 
> 
> After some irc talk metze helped me with the array definition for getpwuid,
> here is a revised version.
> 
> Rationale:
> 
> I want this interface to be as slim as possible. This is for winbind to a
> Samba PDC, period.
> 
> As per tridge's idea this uses 64-bit unix id's, room for completely seamless
> expansion.
> 
> getpwuid does not take an infolevel as this is a direct match for getpwuid(3).
> 
> It does not return the name as this can be retrieved via
> sid2sid->lsa_sid2name. I'd like to avoid duplicate ways to get info. In this
> sense, the gecos field can also be avoided as we get the full name from
> queryuserinfo and querydispinfo level 1. This then ends up with replacements
> for just 'template homedir' and 'template shell'.
> 
> The NTSTATUS per array element indicates that individual uid's could not be
> found by the DC.
> 
> sid2uid & friends do not take and return arrays, as this is completely static
> information that is queried only once per ID.
> 
> getpwuid takes an array as this will be queried repeatedly upon every
> enumerating call.
> 
> Because the sid2[ug]id calls can trigger allocation of a unix id and getpwuid
> offers potentially sensitive information, this interface should only be
> available via schannel. It's not primarily for secrecy, more due to mutual
> authentication between DC and workstation.

I think it should be ok for everyone to ask, but only allocate new id's when the NTTOKEN of the
session user/workstation has the privilege.

- --
metze

Stefan Metzmacher <metze at samba.org> www.samba.org