auth use info3 in auth_serversupplied_info (source3/)
simo
idra at samba.org
Thu May 27 17:49:08 MDT 2010
On Fri, 2010-05-28 at 09:40 +1000, Andrew Bartlett wrote:
> On Fri, 2010-05-28 at 01:11 +0200, Guenther Deschner wrote:
> > On Thu, May 27, 2010 at 05:57:35PM -0500, Günther Deschner wrote:
> > > The branch, master has been updated
> > > via 606be25... s3:auth Free sampass as soon as we have server_info
> > > via d9cffc0... s3:auth use info3 in auth_serversupplied_info
> > > via 6713f3d... s3:auth add function to copy a netr_SamInfo3 structure
> > > via 605cfef... s3:auth: add function to convert samu to netr_SamInfo3
> > > from 667716d... s4-smbtorture: finally test all levels in rap_NetUserGetInfo RAP-SAM test.
> > >
> > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> >
> > Hi Simo,
> >
> > arg... and of course I pushed and incomplete and old version of that
> > patchset :/
> >
> > sorry, sorry, sorry.
>
> I know it's only half-done, but I really like this idea! It removes
> some really annoying conversions two and from the struct samu
> structure.
Yes I wanted to remove all the pdb_* pollution in completely unrelated
code, it was very ugly.
Also we used almost always netr_samInfo3 so we were wasting time doing
samu -> info3 conversions in a few places.
> Also:
> - if (!pdb_copy_sam_account(dst->sam_account, src->sam_account)) {
>
> This looks like a really, really good idea. The use of that routine
> (which it seems only works for users in the local domain) in general
> code scares me...
>
> However, can we please work together to define the future auth
> structures?
Sure, although I do not plan to touch them too much (still trying to
remove some redundancy in auth_serversupplied_info but that's it).
> While my s3compat work didn't touch the auth_serversupplied_info
> structure, this change (which I didn't dare to contemplate) makes it
> much more likely that we can share more parts of this structure in
> future, and drastically reduces the number of complex conversion the
> auth_samba4 module needs to do.
Yes helping share code is also one of the reasons, and samu was
absolutely in the way as it is strictly related to source3/passdb
> However, one caution I would note:
>
> The pdb based code has some really funky logic in pdb_set_group_sid()
> and pdb_get_group_sid(). I would love to see that logic die, but if
> not, it would be good to ensure it is replicated.
the info3 structure is generated from samu, so it should retain that.
> Also, the struct samu
> contained a copy of the user's 'struct passwd' as an attempt to avoid
> lots of getpwnam() lookups. Was that just unused, or have we lost that
> optimisation?
Totally unused I guess, I didn't find a single place where some passwd
struct was retrieved from sam_account.
On the other hand now we convert (or just copy w/o wasteful conversions
to samu) to netr_SamInfo3 only once.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list