[PATCH] net: Add support for a credentials file

Andrew Bartlett abartlet at samba.org
Tue May 1 09:04:51 UTC 2018 

On Tue, 2018-05-01 at 06:30 +0100, Olly Betts wrote:
> On Tue, May 01, 2018 at 03:53:42PM +1200, Andrew Bartlett wrote:
> > On Tue, 2018-05-01 at 04:15 +0100, Olly Betts via samba-technical
> > wrote:
> > > On Tue, May 01, 2018 at 02:40:08PM +1200, Andrew Bartlett via samba-technical wrote:
> > > > It would be better if it could either wrap or be wrapped by
> > > > cli_credentials_parse_file().  Ideally by adding
> > > > POPT_COMMON_CREDENTIALS to the popt table and reworking the code to use
> > > > it, just like client.c (for smbclient) does. 
> > > 
> > > I did look at using POPT_COMMON_CREDENTIALS but there are short
> > > option clashes with existing net options (-N and -S) and would
> > > require doing something with the options in POPT_COMMON_CREDENTIALS
> > > which net doesn't currently support.
> > 
> > -N we can probably work around (only used for groupmap).  -S is harder,
> > perhaps removing that from the popt_common.c side would be best (and
> > fix source4/lib/cmdline/popt_credentials.c to match). 
> > 
> > I'm hesitant about breaking scripts but making this use the common
> > credentials parsing code is really important (not just for parsing the
> > file, but for the rest of the things it gives us). 
> 
> Some of the options which net doesn't currently support seem fairly
> obvious to hook up, but what about --simple-bind-dn?

Just ignore it.

> > > > I realise this is a lot more work, but we need to unify this rather
> > > > than see further parser proliferation. 
> > > 
> > > Given the concept's liked, I think a common parser shouldn't be too much
> > > work (especially as I forked the existing one).
> > 
> > If you could give using the POPT_COMMON_CREDENTIALS one more try I
> > would appreciate it.  There is a lot we gain if we unify this. 
> 
> I'll take a look, though from what I've seen so far it might be hairier
> than I can justify the time for.

I agree, but I still feel this needs to be done right. 

> I've already adjusted the code to reuse the existing parser (which is
> actually simpler than the first patch), but haven't tested that yet.
> I'll attach the revised patch so I can't lose it.

Thanks.  It will need an automated test.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list