[PATCH] support for kerberos in plugin DC code
Stefan (metze) Metzmacher
metze at samba.org
Fri Jul 29 09:09:10 MDT 2011
>> I'd like you to give quite some time to review and decide if it is ok.
>> I have been opposed on introducing gensec in s3 for a few reasons. One
>> is dependencies, the other is that IIRC gensec does not create new event
>> loops bu allows nesting of loops. That is something too dangerous for
>> the file server imho.
> Yes, this needs a lot of review, I hope to get some time in the next days.
Here're my first result, but I'll do more review on monday:
- please keep the prototype of gensec_socket_init() and
dcerpc_schannel_creds() under source4. Maybe others too.
- In s3-auth Use else if in do_map_to_guest_server_info use:
instead of status = make_server_info_guest()
- please change gensec_session_info() to take an explict memory context
from the caller before using it in auth_ntlmssp_steal_session_info()
BTW: Why does auth_ntlmssp_steal_session_info have 'steal' in its name?
- In s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash
please remove the empty lines after calling cli_get_session_key().
- In gensec: Don't keep a second copy of the auth4_context in
wouldn't it be better to remove it from gensec_security?
gensec_security should become a private structure in the end
(hopefully renamed to gensec_session...)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the samba-technical