[Patches] auth/credentials for user_auth_info
Andrew Bartlett
abartlet at samba.org
Mon Dec 19 23:26:56 UTC 2016
On Mon, 2016-12-19 at 23:54 +0100, Stefan Metzmacher wrote:
> Am 18.12.2016 um 20:08 schrieb Andrew Bartlett:
> > On Sun, 2016-12-18 at 13:51 +0100, Stefan Metzmacher wrote:
> > > Hi Andrew,
> > >
> > > >
> > > > >
> > > > > here're some patches to prepare the auth/credentials logic
> > > > > for
> > > > > usage within struct user_auth_info.
> > > > >
> > > > > This took quite some cycles to pass a full autobuild, it
> > > > > turns
> > > > > out that we have a lot of explicit and implicit test cavarage
> > > > > of the source3 POPT_COMMON_CREDENTIALS handling.
> > > > >
> > > > > Please review and push:-)
> > > > >
> > > > > This depends on the "Avoid selftest/autobuild interaction
> > > > > with
> > > > > /tmp"
> > > > > patchset.
> > > >
> > > > Thank you so much for doing this. The main issue I have with
> > > > it is
> > > > the
> > > > new password_will_be_nt_hash logic. This seems to me to be a
> > > > horrible
> > > > API!
> > > >
> > > > This however isn't an objection, assuming you tell me (as I
> > > > trust
> > > > you
> > > > will) that all the other options were even worse.
> > >
> > > I started with implementing it only in source3/lib/util_cmdline.c
> > > until some tests failed and I realized that
> > > cli_credentials_parse_string()
> > > or the callback also need to handle the hexstring.
> > > And we still have places were we use
> > > get_cmdline_auth_info_password()
> > > and get_cmdline_auth_info_use_pw_nt_hash() and pass down the
> > > hexstring
> > > through some layers.
> >
> > Thanks. Hopefully we can improve those wrappers in time, and
> > perhaps
> > get a cleaner API eventually.
> >
> > > >
> > > > I am very glad to see cli_credentials starting to get good use
> > > > across
> > > > the codebase. I'm well aware it isn't ideal, but it is an
> > > > improvement
> > > > and the consistency brings us great opportunities.
> > >
> > > Yes, there're a lot of things to do, but we can't change
> > > everything
> > > on
> > > one day:-)
> >
> > Indeed.
> >
> > I'll look over the rest at work today. The only other thing I
> > noted
> > was the changes to the existing tests. Can you clarify (here, and
> > in
> > the commit message) further why the existing tests needed to be
> > changed, specifically around the realm behaviour?
>
> See the updated commit messages. I hope that clarifies it.
It certainly does. I'm looking over both sets of patches today, I hope
to push as much as possible for you. May the race to 4.6 continue! :-)
Andrew Bartlett
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20161220/d024b63a/signature.sig>
More information about the samba-technical
mailing list