i have a question for the people who sponsor the samba team. "when are you going to realise that your money is being wasted by not sponsoring me as a design architect on NT compatibility software suites for unix?"
here - yet again, another demonstration of how much money you have been wasting. hopefully this time this "really new" proposal - i.e. yet ANOTHER idea and proposal introduced by me almost three years ago - will actually get done, and done properly.

you lot: read http://cb1.com/~lkcl/cifs - the surs RFC.

remember two and only three important things, and you will not go wrong. if you do not remember these three things, you WILL end up with complications, security flaws and unmanageable sites.

1) you MUST allow mapping of a SID to both a user AND a group id.

2) mappings of SIDs to user ids MUST be both "onto" and "one-to-one".

3) mappings of SIDs to group ids MUST be both "onto" and "one-to-one".

yet another demonstration of how arrogance, pride and cruelty can set a project back years by the simple expedient of not being willing to listen to people who know what they're talking about. i'm specifically referring to you - andrew - and you - jeremy.

> Hi,
>
> here's a proposal for the idmap api;
>
> we'll have a cache that will be asked first, if this fails we ask the
> central idmap and add the result to our cache.
>
> the idmap_central_* functions should be pluggable/selectable (different
> backends should be allowed here)
>
> and the backend should decide how to handle unmapped id's.
>
> comments please
>
> /* idmap api */
> NT_STATUS idmap_sid_to_id(DOM_SID *sid, int *id, BOOL *group)
> {
>         if (NT_STATUS_IS_OK(idmap_cache_sid_to_id(sid,id,group)))
>         {
>                 return NT_STATUS_OK;
>         }
>
>         if (!NT_STATUS_IS_OK(idmap_central_sid_to_id(sid,id,group)))
>         {
>                 return NT_STATUS_UNSUCCESSFUL;
>         }
>
>         idmap_cache_update(sid,id,group);
>         return NT_STATUS_OK;
> }
>
> NT_STATUS idmap_uid_to_sid(uid_t uid, DOM_SID **sid)
> {
>         if (NT_STATUS_IS_OK(idmap_cache_uid_to_sid(uid,sid)))
>         {
>                 return NT_STATUS_OK;
>         }
>
>         if (!NT_STATUS_IS_OK(idmap_central_uid_to_sid(uid,sid)))
>         {
>                 return NT_STATUS_UNSUCCESSFUL;
>         }
>
>         idmap_cache_update(sid,uid,False);
>         return NT_STATUS_OK;
> }
>
> NT_STATUS idmap_gid_to_sid(gid_t gid, DOM_SID **sid)
> {
>         if (NT_STATUS_IS_OK(idmap_cache_gid_to_sid(gid,sid)))
>         {
>                 return NT_STATUS_OK;
>         }
>
>         if (!NT_STATUS_IS_OK(idmap_central_gid_to_sid(gid,sid)))
>         {
>                 return NT_STATUS_UNSUCCESSFUL;
>         }
>
>         idmap_cache_update(sid,gid,True);
>         return NT_STATUS_OK;
> }
>
>
> metze
> -----------------------------------------------------------------------------
> Stefan "metze" Metzmacher <[EMAIL PROTECTED]>
>
>
> --
> Luke Howard | PADL Software Pty Ltd | www.padl.com

--
----------------------------------------------------------
this message is private, confidential, and is intended for the specified recipients only. if you received in error, altered, deleted, modified, destroyed or interfered with the contents of this message, in whole or in part, please inform the sender (that's me), immediately.

if you, the recipient, reply to this message, and do not then receive a response, please consider your reply to have been lost or deliberately destroyed: i *always* acknowledge personal email received. please therefore take appropriate action and use appropriate protocols to ensure effective communication. thank you.
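
Added example, not part of the original message and not Samba code: the three mapping rules listed in the message, written as a checker over a SID mapping table. The row type, error codes, function names and sample SIDs are constructed for illustration, and "onto" is checked against a caller-supplied list of unix ids.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical row type and error codes for this example; not Samba's. */
enum id_type { ID_USER, ID_GROUP };
struct map_entry { const char *sid; enum id_type type; unsigned id; };
enum map_err { MAP_OK, MAP_SID_REUSED, MAP_ID_REUSED, MAP_ID_UNMAPPED };

/* One-to-one per id type; the same SID under both types is allowed (rule 1). */
enum map_err check_one_to_one(const struct map_entry *t, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            if (t[i].type != t[j].type) continue;
            if (strcmp(t[i].sid, t[j].sid) == 0) return MAP_SID_REUSED;
            if (t[i].id == t[j].id) return MAP_ID_REUSED;
        }
    return MAP_OK;
}

/* Onto: every unix id in ids[] (caller-supplied) has an entry of that type. */
enum map_err check_onto(const struct map_entry *t, size_t n, enum id_type type,
                        const unsigned *ids, size_t n_ids)
{
    for (size_t k = 0; k < n_ids; k++) {
        size_t i = 0;
        while (i < n && !(t[i].type == type && t[i].id == ids[k]))
            i++;
        if (i == n) return MAP_ID_UNMAPPED;
    }
    return MAP_OK;
}

/* Constructed sample data. One SID holds both a uid and a gid. */
const struct map_entry good_map[] = {
    { "S-1-5-21-1-2-3-1000", ID_USER,  500 },
    { "S-1-5-21-1-2-3-1000", ID_GROUP, 500 },
    { "S-1-5-21-1-2-3-1001", ID_USER,  501 },
};
/* Two SIDs share uid 500, so unix ownership cannot tell them apart. */
const struct map_entry bad_map[] = {
    { "S-1-5-21-1-2-3-1000", ID_USER, 500 },
    { "S-1-5-21-1-2-3-1002", ID_USER, 500 },
};

int main(void)
{
    printf("%d %d\n", (int)check_one_to_one(good_map, 3), (int)check_one_to_one(bad_map, 2));
    return 0;
}
```
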