Fwd: cvs_head and winbind problems (possible bug)
Andrew Bartlett
abartlet at pcug.org.au
Fri Sep 7 21:04:01 GMT 2001
Tim Potter wrote:
>
> Andrew Bartlett writes:
>
> > > OK - I think this is an introduced bug in the authentication.
> > > Following the logic through on an old version of smbd/reply.c the
> > > logic goes something like this:
>
> > I'll look into it shortly, but fixing it isn't as trivial as it should
> > be due to the abstraction of the new check_password() interface. I
> > should be able to get a proper solution when I get the next round of
> > authentication stuff merged. If sombody else wants to propose an easy
> > fix then I'll certainly look over the changes for them.
>
> OK I've nearly coded up a fix but got distracted on Friday
> afternoon. The fix is rename the username fields in
> auth_usersupplied_info so there is a unix_username (the unix user
> which the file access happens as) and a smb_username (the
> username that comes in over the wire). Authentication for
> security={domain,server} happens using the smb_username which is
> the source of the current bug, and authentication for
> security=user happens using the unix_username. This also
> involves passing both usernames right down the call chain.
>
> It seems a bit confusing at the moment with request_username and
> smb_username kind of meaning the same thing.
>
> Tim.
Thanks. I've got a funny feeling thats how I intended it to work in the
first place :-).
In any case a lot of this stuff will move around a bit as the
authenticaion subsystem starts passing back info - like the
unix_username they got and everything they need for a vuser token.
With that change I'll internalise all this behind the interface.
I'll have a look at all of this when I've got a little less on my plate.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Samba Team member, Build Farm maintainer abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list