[PATCH] s4/ldapcmp: Fix the parsing of the second set of credentials

Anatoliy Atanasov anatoliy.atanasov at postpath.com
Wed Jan 5 01:18:36 MST 2011


Hi Kamen,

> > Hi Toli,
> 
> What didn't work for you so that you had to change the code? I.e.:
> http://git.samba.org/?p=samba.git;a=commitdiff;h=1cbce84683ef4fa49b85d8
> 7988c5e8db7057530a
What happened was that if we pass second set of arguments they were not parsed from creds2, so i had to leave the guess parameter to its default value so we can get the second set of credentials from the command line.
The side effect was that if you parse for the second set creds2.is_anonimous() fails because somehow the creds2 username was set to root(the user we were using to run the script). This showed that the is_anonimous check can't be accurate if you try to parse for the second set of credentials.

> http://git.samba.org/?p=samba.git;a=commitdiff;h=f8275bae5d7b471967be72
> 22170d049c18b8882f
After this fix the ldapcmp can be called with 2 sets of credential but failed when we passed 1 set of credentials.
So because we can't get the second set of credentials without parsing, we had to change the wrong assumption that is_anonymous works. The easiest fix was to check for password, because if you don't pass the second set of credentials the parser will get the default username but the password will be empty.
> 
> As far as I can see, those changes adds no value except that we may
> get unexpected results
> if we pass --password2 and forget to pass --username2
> I think such unexpected result we'll have in case one have 'PASSWD'
> environment variable set.
That is correct, we still need to came up with a general fix to this issue.

Regards, Anatoliy


More information about the samba-technical mailing list