[PATCH] common session_info structure

tridge at samba.org tridge at samba.org
Mon Jul 18 23:34:11 MDT 2011


Hi Jeremy and Volker,

I've just been through a detailed review of Andrews s3-auth-renames
branch:

  http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-renames

I think we should push this into master now. It is a very impressive
piece of refactoring which finally gives us a common auth_session_info
structure right across our tree. This not only has benefits for
sharing common code, it also makes the s3 auth code much clearer, as
it cleanly separates the concept of the server supplied information
and the post-processed structure which has the token fully
formed. Mixing up of those two concepts was one of the reasons that
the s3 auth code was sometimes so hard to follow, so separating those
is a big win.

It also makes the pipe handling of session information much cleaner,
as we have exactly the same structure on both sides of the pipe,
without any complex mapping functions.

The approach Andrew took was to go via a set of intermediate
structures which disappear by the end of the patch series. I think
this approach really works as it makes each patch much clearer.

It also ensures that we only have things like the guest information in
one place (accessed via the security_session_user_level() helper),
which ensures we can't accidentally upgrade someone from guest to user
access due to a mixup of the redundent information.

I'd like to propose that this set of patches go in soon. I doubt
anyone is going to have the patience to do this again for a long time
if the patch set bit rots due to tree changes. So I'd suggest that
Andrew pushes this in a few days time based on my detailed review, but
I wanted to give you both a chance to look at this if you have time.

Cheers, Tridge


More information about the samba-technical mailing list