[PATCH] Correctly handle !authoritative in the rpc-based auth backends
Andrew Bartlett
abartlet at samba.org
Sun Mar 12 21:17:35 UTC 2017
On Sat, 2017-03-11 at 14:40 +0100, Volker Lendecke wrote:
> On Sat, Mar 11, 2017 at 08:31:36AM +1300, Andrew Bartlett wrote:
> > On Fri, 2017-03-10 at 15:08 +0100, Volker Lendecke wrote:
> > > On Fri, Mar 10, 2017 at 05:46:58PM +1300, Andrew Bartlett wrote:
> > > >
> > > > The pdbtest patch looks wrong, we have been testing the
> > > > different
> > > > auth
> > > > methods via that tool, so fixing it to 'sam' seems to be
> > > > limiting
> > > > what
> > > > we are testing.
> > >
> > > Well, it does survive autobuild.
> >
> > Sure, but that is because you remove what it is testing. pdbtest
> > is
> > acting as the driver for a sort of unit test of the auth subsystem,
> > as
> > controlled by 'auth methods'. The tests set auth methods to
> > various
> > values to try and test those modules.
> >
> > This was added to ensure we didn't have untested code in the auth
> > subsystem and to avoid relying on indirect tests.
>
> https://git.samba.org/?p=vl/samba.git/.git;h=refs/heads/auth
>
> has fixes for this issue.
>
> Comments?
That addresses my specific concern here regarding pdbtest.
For the change in winbind_pam could we do:
char *auth_methods = "sam";
if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
auth_methods = "samba4:sam";
}
That would keep this patch self-contained for the purpose it declares,
without swapping the auth backend in use. I realise that you swap it
implicitly later with https://git.samba.org/?p=vl/samba.git/.git;a=comm
itdiff;h=b420cf0a648b420256284390f7e51eb5c1a2c794 but that isn't in the
same patch, so in the meantime we would try to run the source3 auth
stack against pdb_samba_dsdb.
Not doing that should help with the bisect-ability desire.
Thanks,
Andrew Bartlett
More information about the samba-technical
mailing list