On Fri, 04 Apr 2014, Jakub Hrozek wrote:
> >* Presumably, the libsss_ad.so gpo code links successfully
because it is
> >pulling in a library (which is internally pulling in libsamba-security),
> > but I'm not sure which library that is. Any ideas?
> >* Is there a better solution for getting the gpo tests to link?
> Better solution will be to move necessary functions in upstream
> to public samba libraries. Your solution can be temporary.
>
> bool string_to_sid(struct dom_sid *sidout, const char *sidstr);
> int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen);
> bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
That's a good question for Samba developers. Linking with a private library
is always a risk. Was there any conversation already about exporting these
functions with Guenther maybe?
The alternative would be to add a configure time option
(--with-samba-libraries?) that distributions could use to specify where
the private Samba libraries are.
A last-resort alternative for us would be to re-implement the functions
ourselves.
We have these implemented in FreeIPA's
daemons/ipa-kdb/ipa_kdb_mspac.c
You can take and use them, they originally came from Samba too.
Not sure it is worth creating a separate library since it would still
depend on a struct dom_sid from samba.
--
/ Alexander Bokovoy