[PATCH] common session_info structure
idra at samba.org
Tue Jul 19 15:05:49 MDT 2011
On Tue, 2011-07-19 at 15:34 +1000, tridge at samba.org wrote:
> Hi Jeremy and Volker,
> I've just been through a detailed review of Andrews s3-auth-renames
> I think we should push this into master now. It is a very impressive
> piece of refactoring which finally gives us a common auth_session_info
> structure right across our tree. This not only has benefits for
> sharing common code, it also makes the s3 auth code much clearer, as
> it cleanly separates the concept of the server supplied information
> and the post-processed structure which has the token fully
> formed. Mixing up of those two concepts was one of the reasons that
> the s3 auth code was sometimes so hard to follow, so separating those
> is a big win.
> It also makes the pipe handling of session information much cleaner,
> as we have exactly the same structure on both sides of the pipe,
> without any complex mapping functions.
> The approach Andrew took was to go via a set of intermediate
> structures which disappear by the end of the patch series. I think
> this approach really works as it makes each patch much clearer.
> It also ensures that we only have things like the guest information in
> one place (accessed via the security_session_user_level() helper),
> which ensures we can't accidentally upgrade someone from guest to user
> access due to a mixup of the redundent information.
> I'd like to propose that this set of patches go in soon. I doubt
> anyone is going to have the patience to do this again for a long time
> if the patch set bit rots due to tree changes. So I'd suggest that
> Andrew pushes this in a few days time based on my detailed review, but
> I wanted to give you both a chance to look at this if you have time.
> Cheers, Tridge
Most of it looks straightforward, so I tend to +1 as well.
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical