Getting rid of smb_krb5_send_and_recv_func()
Andrew Bartlett
abartlet at samba.org
Mon May 5 16:52:00 MDT 2014
On Mon, 2014-05-05 at 09:32 +0200, Andreas Schneider wrote:
> On Thursday 01 May 2014 09:31:50 Andrew Bartlett wrote:
> > On Wed, 2014-04-30 at 11:54 +0200, Andreas Schneider wrote:
> > > Hi,
> > >
> > > with Andrew his patches and the preloadable socket_wrapper we're now able
> > > to get rid of smb_krb5_send_and_recv_func().
> > >
> > > I've prepared a patchset here:
> > >
> > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/smb_krb5_se
> > > nd_and_recv_func
> > >
> > >
> > > A local 'make test' completed successfully.
> >
> > My main concern is that this implies that we are backing down from
> > Kerberos due to it failing, rather than actually handling this properly.
>
> I don't really get what you want to explain to me. For me this code looks like
> it has been created so that heimdal works with socket_wrapper.
>
> > That is, I think we fall into the KDC not found case, and fall back to
> > NTLM, when Samba is operating in single process mode.
>
> If we remove this function then heimdal will take care of sending the packet.
> doesn't it?
>
> Can you please explain this in more details so that Günther and I understand
> the purpose of these functions.
It has three purposes:
To use socket_wrapper, and to use our name resolution, and to use our
event loop, so a single-process mode server can talk to itself. You
handled the first, perhaps the second and not the third.
Please do not remove this without my explicit ACK.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list