[PATCH] Add back --with-fake-kaserver option to the build

Christian Ambach ambi at samba.org
Thu May 15 02:52:07 MDT 2014

Hi Andrew,

Am 15.05.14 00:28, schrieb Andrew Bartlett:
> This moves the util_sec.c code around, and as far as I can tell it is
> only to support this fragment:
> 	if (geteuid() != sec_initial_uid())
> 		ct.ViceId = getuid();
> This will always execute (because set_init() hasn't been called), so it
> seems pointless in wbinfo.  It will be much less confusing if this is
> pushed to the caller, and util_sec.c not invoked.

This code is called from wbinfo and from smbd, see
source3/smbd/service.c, line 768. smbd calls sec_init().

So your request to keep util_sec.c where it currently is would mean that
this check would need to be done in smbd and the result being passed
down into the AFS settoken code. I do not think this is a very good
design as making this decision is not smbd's task, but should be made in
the AFS support code.

My understanding is that sec_initial_uid() was put there with 9252df53
to make sure that make test will run properly when not running as root.
However, make test will not exercise the AFS support code. So maybe it
is a better idea to get back to the initial if (geteuid() != 0)
construct in the afs_settoken.c to get rid of the dependency to util_sec?


More information about the samba-technical mailing list