[PATCH] Add back --with-fake-kaserver option to the build
abartlet at samba.org
Thu May 15 13:58:56 MDT 2014
On Thu, 2014-05-15 at 10:52 +0200, Christian Ambach wrote:
> Hi Andrew,
> Am 15.05.14 00:28, schrieb Andrew Bartlett:
> > This moves the util_sec.c code around, and as far as I can tell it is
> > only to support this fragment:
> > if (geteuid() != sec_initial_uid())
> > ct.ViceId = getuid();
> > This will always execute (because set_init() hasn't been called), so it
> > seems pointless in wbinfo. It will be much less confusing if this is
> > pushed to the caller, and util_sec.c not invoked.
> This code is called from wbinfo and from smbd, see
> source3/smbd/service.c, line 768. smbd calls sec_init().
> So your request to keep util_sec.c where it currently is would mean that
> this check would need to be done in smbd and the result being passed
> down into the AFS settoken code.
That is exactly what I ask for. Indeed, that much appears to already be
> I do not think this is a very good
> design as making this decision is not smbd's task, but should be made in
> the AFS support code.
smbd knows what UID to use, and appears to be setting it in afs_login().
Why do we need to override it?
> My understanding is that sec_initial_uid() was put there with 9252df53
> to make sure that make test will run properly when not running as root.
> However, make test will not exercise the AFS support code. So maybe it
> is a better idea to get back to the initial if (geteuid() != 0)
> construct in the afs_settoken.c to get rid of the dependency to util_sec?
Please ask Volker why the override is there, and get an explanation
added, or remove it.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical