[PATCH] Add back --with-fake-kaserver option to the build

Andrew Bartlett abartlet at samba.org
Thu May 15 13:58:56 MDT 2014

On Thu, 2014-05-15 at 10:52 +0200, Christian Ambach wrote:
> Hi Andrew,
> Am 15.05.14 00:28, schrieb Andrew Bartlett:
> > This moves the util_sec.c code around, and as far as I can tell it is
> > only to support this fragment:
> >
> > 	if (geteuid() != sec_initial_uid())
> > 		ct.ViceId = getuid();
> >
> > This will always execute (because set_init() hasn't been called), so it
> > seems pointless in wbinfo.  It will be much less confusing if this is
> > pushed to the caller, and util_sec.c not invoked.
> This code is called from wbinfo and from smbd, see
> source3/smbd/service.c, line 768. smbd calls sec_init().
> So your request to keep util_sec.c where it currently is would mean that
> this check would need to be done in smbd and the result being passed
> down into the AFS settoken code. 

That is exactly what I ask for.  Indeed, that much appears to already be

> I do not think this is a very good
> design as making this decision is not smbd's task, but should be made in
> the AFS support code.

smbd knows what UID to use, and appears to be setting it in afs_login().
Why do we need to override it?

> My understanding is that sec_initial_uid() was put there with 9252df53
> to make sure that make test will run properly when not running as root.
> However, make test will not exercise the AFS support code. So maybe it
> is a better idea to get back to the initial if (geteuid() != 0)
> construct in the afs_settoken.c to get rid of the dependency to util_sec?

Please ask Volker why the override is there, and get an explanation
added, or remove it.  

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list