auth use info3 in auth_serversupplied_info (source3/)

Andrew Bartlett abartlet at samba.org
Thu May 27 17:40:23 MDT 2010 

On Fri, 2010-05-28 at 01:11 +0200, Guenther Deschner wrote:
> On Thu, May 27, 2010 at 05:57:35PM -0500, Günther Deschner wrote:
> > The branch, master has been updated
> >        via  606be25... s3:auth Free sampass as soon as we have server_info
> >        via  d9cffc0... s3:auth use info3 in auth_serversupplied_info
> >        via  6713f3d... s3:auth add function to copy a netr_SamInfo3 structure
> >        via  605cfef... s3:auth: add function to convert samu to netr_SamInfo3
> >       from  667716d... s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test.
> > 
> > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> Hi Simo,
> 
> arg... and of course I pushed and incomplete and old version of that
> patchset :/
> 
> sorry, sorry, sorry.

I know it's only half-done, but I really like this idea!  It removes
some really annoying conversions two and from the struct samu
structure. 

Also:
-       if (!pdb_copy_sam_account(dst->sam_account, src->sam_account)) {

This looks like a really, really good idea.  The use of that routine
(which it seems only works for users in the local domain) in general
code scares me...

However, can we please work together to define the future auth
structures?

While my s3compat work didn't touch the auth_serversupplied_info
structure, this change (which I didn't dare to contemplate) makes it
much more likely that we can share more parts of this structure in
future, and drastically  reduces the number of complex conversion the
auth_samba4 module needs to do.

However, one caution I would note:

The pdb based code has some really funky logic in pdb_set_group_sid()
and pdb_get_group_sid().  I would love to see that logic die, but if
not, it would be good to ensure it is replicated.  Also, the struct samu
contained a copy of the user's 'struct passwd' as an attempt to avoid
lots of getpwnam() lookups.  Was that just unused, or have we lost that
optimisation?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100528/3cef1d73/attachment.pgp>

More information about the samba-technical mailing list