auth use info3 in auth_serversupplied_info (source3/)

simo idra at samba.org
Thu May 27 17:49:08 MDT 2010


On Fri, 2010-05-28 at 09:40 +1000, Andrew Bartlett wrote:
> On Fri, 2010-05-28 at 01:11 +0200, Guenther Deschner wrote:
> > On Thu, May 27, 2010 at 05:57:35PM -0500, Günther Deschner wrote:
> > > The branch, master has been updated
> > >        via  606be25... s3:auth Free sampass as soon as we have server_info
> > >        via  d9cffc0... s3:auth use info3 in auth_serversupplied_info
> > >        via  6713f3d... s3:auth add function to copy a netr_SamInfo3 structure
> > >        via  605cfef... s3:auth: add function to convert samu to netr_SamInfo3
> > >       from  667716d... s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test.
> > > 
> > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> > 
> > Hi Simo,
> > 
> > arg... and of course I pushed and incomplete and old version of that
> > patchset :/
> > 
> > sorry, sorry, sorry.
> 
> I know it's only half-done, but I really like this idea!  It removes
> some really annoying conversions two and from the struct samu
> structure. 

Yes I wanted to remove all the pdb_* pollution in completely unrelated
code, it was very ugly.

Also we used almost always netr_samInfo3 so we were wasting time doing
samu -> info3 conversions in a few places.

> Also:
> -       if (!pdb_copy_sam_account(dst->sam_account, src->sam_account)) {
> 
> This looks like a really, really good idea.  The use of that routine
> (which it seems only works for users in the local domain) in general
> code scares me...
> 
> However, can we please work together to define the future auth
> structures?

Sure, although I do not plan to touch them too much (still trying to
remove some redundancy in auth_serversupplied_info but that's it).

> While my s3compat work didn't touch the auth_serversupplied_info
> structure, this change (which I didn't dare to contemplate) makes it
> much more likely that we can share more parts of this structure in
> future, and drastically  reduces the number of complex conversion the
> auth_samba4 module needs to do.

Yes helping share code is also one of the reasons, and samu was
absolutely in the way as it is strictly related to source3/passdb

> However, one caution I would note:
> 
> The pdb based code has some really funky logic in pdb_set_group_sid()
> and pdb_get_group_sid().  I would love to see that logic die, but if
> not, it would be good to ensure it is replicated.

the info3 structure is generated from samu, so it should retain that.

>   Also, the struct samu
> contained a copy of the user's 'struct passwd' as an attempt to avoid
> lots of getpwnam() lookups.  Was that just unused, or have we lost that
> optimisation?

Totally unused I guess, I didn't find a single place where some passwd
struct was retrieved from sam_account.

On the other hand now we convert (or just copy w/o wasteful conversions
to samu) to netr_SamInfo3 only once.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>



More information about the samba-technical mailing list