On 12/9/2010 8:37 PM, William R Speirs wrote: > I was looking through the APR and noticed that no function exists to get the > groups (gid > or char*) that a user belongs to. > > I started investigating how to implement such a thing on Unix/Linux and it > doesn't seem > hard; getgrouplist will return a gid list given a user. > > On Windows things are bit more tricky because the computer can either be a > member of a > domain, or on its own. I think the following basic flow will work, but I'd > like a second > opinion: > > - Call GetNetworkParams to see if there is a domain name > - If no domain name, then call NetUserGetLocalGroups > - If there is a domain name, then call NetUserGetGroups
It seems sensible, the only hassle is the performance penalty that could be assessed for hitting the domain server. Can you check this out and benchmark it? > The other issue is that on Windows I get back a char* for the groups; > whereas, on > Unix/Linux I get back a gid list. Is there a preference? Would people rather > a function > that returns a gid list or a char* list? Well, we should treat them as apr_gid_t, which on win32 would devolve to a pointer to a full UUID of the appropriate group (and we then unwind the identifier into a human-readable string with the appropriate apr_group_name_get function). APR 2.0 is open for business, patches for enhancements are most welcome!
