[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Oct 18 10:52:10 MDT 2011 

On Tue, Oct 18, 2011 at 09:49:41AM -0700, Jeremy Allison wrote:
> On Tue, Oct 18, 2011 at 01:55:04PM +0200, Andrew Bartlett wrote:
> > The branch, master has been updated
> >        via  94799db s3-auth move the s3 auth context onto gensec_ntlmssp once we start
> >        via  fa12756 s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c
> >        via  f9b0426 s3-ntlmssp split auth_ntlmssp_client_start() into two parts
> >        via  f3333bd s3-rpc_client remove cli_auth_ntlmssp_data_destructor
> >       from  56328a4 s3/doc: add man page for aio_fork vfs module
> > 
> > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> > 
> > 
> > - Log -----------------------------------------------------------------
> > commit 94799db9b5d33ded34ad3e934da673a44d48094a
> > Author: Andrew Bartlett <abartlet at samba.org>
> > Date:   Tue Oct 18 16:34:27 2011 +1100
> > 
> >     s3-auth move the s3 auth context onto gensec_ntlmssp once we start
> >     
> >     We do not need it on the auth_ntlmssp_state any longer.
> >     
> >     Andrew Bartlett
> >     
> >     Autobuild-User: Andrew Bartlett <abartlet at samba.org>
> >     Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
> > 
> > commit fa1275610b3c7cad75b5b86ae4b32d8781d1acc0
> > Author: Andrew Bartlett <abartlet at samba.org>
> > Date:   Tue Oct 18 16:16:02 2011 +1100
> > 
> >     s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c
> >     
> >     This removes the need to have if (ans->gensec_security) everywhere.
> >     
> >     Andrew Bartlett
> 
> Andrew,
> 
> 	I *really* *really* hate the use of talloc_reference()/talloc_unlink()
> in this code. I know it's essentially doing the same as a talloc_move()
> in this case, but it doesn't always do so (looking at the calls to
> gensec_set_credentials() in source4/smb_server/smb/negprot.c for
> example.
> 
> I really think that doing references in gensec is a completely broken
> design that *WILL* come back and bite us sometime later.
> 
> Is there some way gensec can be changed to make a copy of
> the credentials instead ?
> 
> It's probably not possible to fix this short term, but I'd
> strongly recommend gensec moving away from talloc_reference()
> of any passed in pointers. This is a disaster waiting to
> happen IMHO.

Being more constructive :-).

talloc_reference() is only used inside gensec_start.c, so
we only have a small piece of code to fix (and all the
callers of course :-).

I'd be willing to work on this if you agree.

Jeremy.

More information about the samba-technical mailing list