[PATCH] common session_info structure
jra at samba.org
Tue Jul 19 10:29:56 MDT 2011
On Tue, Jul 19, 2011 at 03:34:11PM +1000, tridge at samba.org wrote:
> Hi Jeremy and Volker,
> I've just been through a detailed review of Andrews s3-auth-renames
> I think we should push this into master now. It is a very impressive
> piece of refactoring which finally gives us a common auth_session_info
> structure right across our tree. This not only has benefits for
> sharing common code, it also makes the s3 auth code much clearer, as
> it cleanly separates the concept of the server supplied information
> and the post-processed structure which has the token fully
> formed. Mixing up of those two concepts was one of the reasons that
> the s3 auth code was sometimes so hard to follow, so separating those
> is a big win.
> It also makes the pipe handling of session information much cleaner,
> as we have exactly the same structure on both sides of the pipe,
> without any complex mapping functions.
> The approach Andrew took was to go via a set of intermediate
> structures which disappear by the end of the patch series. I think
> this approach really works as it makes each patch much clearer.
> It also ensures that we only have things like the guest information in
> one place (accessed via the security_session_user_level() helper),
> which ensures we can't accidentally upgrade someone from guest to user
> access due to a mixup of the redundent information.
> I'd like to propose that this set of patches go in soon. I doubt
> anyone is going to have the patience to do this again for a long time
> if the patch set bit rots due to tree changes. So I'd suggest that
> Andrew pushes this in a few days time based on my detailed review, but
> I wanted to give you both a chance to look at this if you have time.
Don't have a lot of time right now, but I'll try and look. Don't
wait for my review to push, if you've done the review and you're
happy then that's good enough for me !
More information about the samba-technical