RFC also store resource group ids available from pac logon from successful pam authentication

Noel Power nopower at suse.com
Thu Jun 11 01:22:35 MDT 2015


On 11/06/15 03:59, Andrew Bartlett wrote:
> On Wed, 2015-06-10 at 16:33 -0700, Jeremy Allison wrote:
>> On Wed, Jun 10, 2015 at 02:11:36PM +0100, Noel Power wrote:
>>> Hi
>>>
>>> came across a bug where sometimes groups returned (e.g. from id command)
>>> were missing some group sids, turns out these group ids are resource
>>> groups. If we successfully authenticate via pam then  the netsamlogon
>>> cache is updated but is missing any of those resource group ids, this
>>> patch attempts to address that.
>> Looks good to me - Reviewed-by: Jeremy Allison.
>>
>> So it's at least as good as what we already have.
>> Having said that, I noticed in the:
>>
>>         for (i=0; i < pac_data->num_buffers; i++) {
>>
>> code just before it, it's theoretically possible
>> to exit that look with logon_info == NULL (if
>> there was no pac_data->buffers[i].type == PAC_TYPE_LOGON_INFO
>> sent in the PAC).
>>
>> So I think the there should be an additional fix on top
>> of your patch to tidy that possibility up.
true!, nice catch
>>
>> Can I get a second Team reviewer for the 2 patches please ?
> Done.  They are now in autobuild.
>

thanks all for the review/push etc.

Noel


More information about the samba-technical mailing list