More s3compat-for-review patches

Andrew Bartlett abartlet at samba.org
Thu May 27 06:47:29 MDT 2010 

On Thu, 2010-05-27 at 08:23 +0200, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> > On Wed, 2010-05-26 at 11:45 +1000, Andrew Bartlett wrote:
> >> On Wed, 2010-05-26 at 09:54 +1000, Andrew Bartlett wrote:
> >>> I've updated my s3compat-for-review tree, which now includes the use of
> >>> the source3/ ntlmssp_sign.s and ntlmssp.h in common code.
> >>>
> >>> I would appreciate any useful comments that folks have, as I would like
> >>> to merge this code.  Most of the patches should be able to be
> >>> cherry-picked on their own, if only some are acceptable.
> >>>
> >>> http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3compat-for-review
> >>
> >> I've updated this branch following feedback on IRC from simo.  (A number
> >> of the patches to move functions into different files have been split
> >> into multiple patches). 
> >>
> >> It passes 'make selftest' with the same errors as master.
> > 
> > If I don't get any further comments (and I believe I've addressed simo's
> > concerns about the file split-up being taken any further), I intend to
> > push this as-is at the end of this week (tomorrow). 
> 
> Please don't push it as is.
> 
> I reviewed it yesterday via gitweb on my cellphone (in readonly mode:-)
> 
> I'd like to review it more detailed today, as I found some minor details
> I'd like to be fixed before it's pushed to master.
> 
> The first things I noticed are:
> - we don't need a ntlmssp_private.h (at least in this patch stream).

Yes and no.  There is no reason ntlmssp_debug_flags needs to be used
outside the NTLMSSP code, but must be shared between the sign and main
code.  

I agree the other changes are not strictly required, but as you may have
guessed or seen in my s3compat branch, I need those for the way GENSEC
uses the common code.  I don't see how they do any harm. 

> - for "s3:auth Make AUTH_NTLMSSP_STATE a private structure"
>   the change to source3/auth/auth_util.c is unrelated and changes
>   the behavior. It should be its own commit.

Indeed!  Sorry about that. 

>   Would it make sense to handle the case where
>   auth_ntlmssp_server_info() is called twice without segfaulting?

I don't think so - we would have to resort to talloc references and hope
that the code that it calls handles that well.  In any case, I wanted to
be very careful to preserve the existing behaviour, because of all the
warnings I've been given not to change behaviour. 

> - for "ntlmssp Make the ntlmssp.h from source3/ a common header"
>   the change to source3/Makefile.in is completely unrelated.

Again, sorry. 

> - for "s3:idmap Use idmap.idl defined structures and constants"
>   I'd like to get the ack from Michael as he's currently working on
>   idmap changes.
>   But for sure deleting source3/librpc/gen_ndr/README is wrong there.

Yeah.  I get in trouble here because Samba3 builds in
source3/librpc/gen_ndr/ while s3compat builds in
source4/bin/default/source3/librpc/gen_ndr.  I do builds of Samba3 in my
tree to check it's all OK, and I have to remove the generated files
before I go back to a waf build, or else it won't rebuild them. 

Is there a good way to ensure that we wipe these conflicting files other
than the clearly risky rm *?  I guess I'll try a 'make clean' in the
source3 autoconf build and see if that does the trick. 

> I like this commits:
> "s3:winbind tidy up connecting the winbind sockets."
> "s3:winbind Avoid use-after-free in s3compat wrapper of winbindd"
> but we should defer the code moving in winbindd to happen after this
> changes.

Thankyou for taking the time to review this, I do really appreciate it. 

I'm sorry this patch set was so under-prepared.  I'll try and do a
better job of it in future. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100527/6eca831a/attachment.pgp>

More information about the samba-technical mailing list