[PATCH] Correctly handle !authoritative in the rpc-based auth backends
Stefan Metzmacher
metze at samba.org
Wed Mar 22 09:56:32 UTC 2017
Am 22.03.2017 um 09:19 schrieb Stefan Metzmacher via samba-technical:
> Hi Andrew,
>
>>>>>> On Mon, Mar 20, 2017 at 10:54:59AM +0100, Stefan Metzmacher
>>>>>> wrote:
>>>>>>> I'm currently looking into this and I might have something
>>>>>>> that should
>>>>>>> do the job without changing too much within the next days.
>>>>>>
>>>>>> Can you share your ideas?
>>>>>
>>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/he
>>>>> ads/master3-auth
>>>>
>>>> Ok,
>>>> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/head
>>>> s/master3-auth-ok
>>>> contains the first preparation step that should not really change
>>>> the logic.
>>>
>>> The following patchset also passed autobuild and should not change
>>> the
>>> logic.
>>
>> Can you help me understand how this patch doesn't change the logic?
>>
>> auth3: Don't try other auth modules on any error
>> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=987e5ab6310
>> 6f2d427fe11ad780962f2f1e317bf
>
> If you look at the current make_auth_context_subsystem(), then
> the behavior change is more theoretical. The most complex
> combination of modules is "guest sam winbind:*".
> And check_guest_security(), auth_samstrict_auth() and
> check_winbind_security()
> seem to verify user_info->mapped.*, so we'll never process the
> same authentication in more than one module. Except maybe
> a problem from make_server_info_guest(), but at that point we've
> already verified that the username was empty and no password was
> provided and in that case any further module will always generate
> result != NT_STATUS_OK.
>
>> Otherwise it looks OK.
>
> Is it ok to push it with your review, now?
> So that we have it out of our way?
I guess we should add "BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976"
to at least some of the commits.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170322/a712e6ed/signature.sig>
More information about the samba-technical
mailing list