[SAMBA4] libnet in winbind
abartlet at samba.org
Tue Jul 24 23:07:30 GMT 2007
On Tue, 2007-07-24 at 19:31 +0200, Kai Blin wrote:
> On Tuesday 24 July 2007 07:59:04 Andrew Bartlett wrote:
> > Just a quick note to let you know that I've tried to add the code to
> > winbind, to allow easy use of libnet.
> > The idea is simple: On each 'domain' structure, there is a libnet_ctx,
> > already correctly initialised. This should make it much more practical
> > to implement a new winbind call, or to merge existing winbind and libnet
> > functionality. Listing users and groups would seem an ideal place to
> > start. (And I'm happy to help with that, if you need it).
> I'm just not entirely sure how to get to that domain structure. Do I need to
> set this up in all of the nss calls? How would this work for domains we're
> not part in? The DC should take care of those, right?
For some calls yes, for others no: For sid2name and name2sid, we can
ask our DC, if we are a member of a domain (but must ask the others if
we are a DC). For things that require the user's display information
(like getpwnam), you will need to contact the target DC (or look in a
cache from the login).
So, to process a getpwnam, we perhaps need to:
name -> sid on the name (having split the name) with
sid -> domain on the resulting sid with wb_sid2domain_send()
Then call libnet_UserInfo_send with domain->libnet_ctx and the struct
libnet_UserInfo filled out.
Yes, it's a bit complex - perhaps we need a name2domain call to handle
the first two parts.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070725/d3f14d2f/attachment.bin
More information about the samba-technical