Simo Sorce wrote: > Plus I have some questions about the current sam interface: > > - what is all the context thing needed for?
I don't like global variables, and this allows us to construct seperate contexts for operations like sam2sam, and testing, without fiddiling with global variables. > - what is the handle thing needed for ? Same as the SAM_ACCOUNT in pdb. > - what is access desired meant to do ? Authorization is a different > thing then storage, a backend is a storage! The SAM interface layer is the 'choke point'. If we do not wan't nasty races, then we must reterive things like the security descriptor with the data it applies to. This implies that the ACL checking code must resise either in the SAM backend, or the SAM interface. If we export it above this layer, we *will* get places where we don't check it properly. > - why do we insist to have a thing called unix accounts? It just does > not make sense to me. We need "real" users/groups mapping instead > (opposed to created on the fly by winbind based accounts). I'm not sure what you mean here - the current code doesn't even know about unix accounts. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
