trusted domains patch n+3
Andrew Bartlett
abartlet at samba.org
Fri Sep 6 13:57:00 GMT 2002
Rafal Szczesniak wrote:
>
> On Fri, Sep 06, 2002 at 11:39:52PM +1000, Andrew Bartlett wrote:
> > Rafal Szczesniak wrote:
> > >
> > > This is a patch consisting of various fixes. Short list
> > > includes:
> > > - using user_info.client_domain structure (from user supplied auth info)
> > > instead of user_info.domain
> >
> > This just is not correct. Current behaviour is by design
>
> Then I need to talk to you about this on purpose of various parts
> of auth structures. It's gonna be interesting discussion...
The basic idea is like the two usernames in the struct:
One is the username they wanted, the other is the username they got
(after the username map file). Similarly for domains - if the domain
they wanted is trusted, and we are not allowing trusted domains, or if
the domain doesn't exist, then we replace it with our own domain.
We may still need their original username/domain for authenticaion
(NTLMv2 comes to mind in particular), hence why we keep both.
> > > - new (and soon completely rewritten when generic cache comes
> > > up) make_user_info_map function
> >
> > I'll just wait for the final rewrite
>
> Sure. I assume it will be done right after implementing trusted
> domains cache on top of gencache.
Sounds good to me.
> > > - return type NTSTATUS instead of BOOL for make_user_info_map
> > > make_user_info and make_user_info_for_reply_encI
> > > (the rest of these routines should do the same, imho)
> >
> > Thankyou, applied
>
> And stay tuned for the rest of make_user_* functions...
I like it when sombody else cleans up the mess I leave behind ;-)
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list