[PATCH 4/4] server: Add primitive support for setting and getting the security descriptor of files based on their Unix permissions.

[Robert Shearman]

Kai Blin wrote:
> On Wednesday 03 October 2007 11:18:48 Robert Shearman wrote:
>   
>> Alexandre Julliard wrote:
>>     
>>> Robert Shearman <rob at codeweavers.com> writes:
>>>       
>>>> +    /* assume we are the owner */
>>>> +    if (st.st_mode & S_IRWXU)
>>>> +    {
>>>>         
>>> Why are you assuming that?  There doesn't seem to be much sense in
>>> checking permissions without checking the owner.
>>>       
>> We don't have a mapping between NT SIDs and Unix user IDs in Wine, so if
>> the owner is different then there isn't much we can do with it.
>>     
>
> Would it make sense to try and get winbind to do that for us, if possible? Or 
> would we be unable to use the results of that in a sensible way?
>
> Jerry Carter is currently working on an LGPL winbind client library, we could 
> use that. In the long run, winbind will convert to an idl-based protocol and 
> we could just talk to winbindd directly, thus dropping a dependency.
>   

Good suggestion for a discussion at WineConf :-)

However, we can't do any blocking calls while executing a server call on 
the behalf of a client, otherwise it will cause performance problems for 
all the applications that the user is running. Also, we don't have an 
IDL compiler / runtime that is compatible with wineserver. Further more, 
our mapping of users / groups will be slightly different from Samba's 
due to most Win32 installers requiring the user to be an administrator.

I think all of these issues can be worked around, but it's not something 
we can rush into (and in case the Samba developers are doing this just 
for us, an winbind client library is not going to useful.)

-- 
Rob Shearman