[PATCH] support for kerberos in plugin DC code

Stefan (metze) Metzmacher metze at samba.org
Fri Jul 29 09:09:10 MDT 2011

>> I'd like you to give quite some time to review and decide if it is ok.
>> I have been opposed on introducing gensec in s3 for a few reasons. One
>> is dependencies, the other is that IIRC gensec does not create new event
>> loops bu allows nesting of loops. That is something too dangerous for
>> the file server imho.
> Yes, this needs a lot of review, I hope to get some time in the next days.

Here're my first result, but I'll do more review on monday:

- please keep the prototype of gensec_socket_init() and
  dcerpc_schannel_creds() under source4. Maybe others too.

- In s3-auth Use else if in do_map_to_guest_server_info use:
  return make_server_info_guest();
  instead of status = make_server_info_guest()

- please change gensec_session_info() to take an explict memory context
  from the caller before using it in auth_ntlmssp_steal_session_info()

  BTW: Why does auth_ntlmssp_steal_session_info have 'steal' in its name?

- In s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hash
  please remove the empty lines after calling cli_get_session_key().

- In gensec: Don't keep a second copy of the auth4_context in
  wouldn't it be better to remove it from gensec_security?
  gensec_security should become a private structure in the end
  (hopefully renamed to gensec_session...)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110729/6defb578/attachment.pgp>

More information about the samba-technical mailing list