trusted domains patch n+3
Rafal Szczesniak
mimir at diament.ists.pwr.wroc.pl
Fri Sep 6 14:19:00 GMT 2002
On Fri, Sep 06, 2002 at 11:56:46PM +1000, Andrew Bartlett wrote:
> Rafal Szczesniak wrote:
> >
> > On Fri, Sep 06, 2002 at 11:39:52PM +1000, Andrew Bartlett wrote:
> > > Rafal Szczesniak wrote:
> > > >
> > > > This is a patch consisting of various fixes. Short list
> > > > includes:
> > > > - using user_info.client_domain structure (from user supplied auth info)
> > > > instead of user_info.domain
> > >
> > > This just is not correct. Current behaviour is by design
> >
> > Then I need to talk to you about this on purpose of various parts
> > of auth structures. It's gonna be interesting discussion...
>
> The basic idea is like the two usernames in the struct:
>
> One is the username they wanted, the other is the username they got
> (after the username map file). Similarly for domains - if the domain
> they wanted is trusted, and we are not allowing trusted domains, or if
> the domain doesn't exist, then we replace it with our own domain.
>
> We may still need their original username/domain for authenticaion
> (NTLMv2 comes to mind in particular), hence why we keep both.
Ok. This clears some of my ideas about this. Indeed, this code should
look different.
> > > > - return type NTSTATUS instead of BOOL for make_user_info_map
> > > > make_user_info and make_user_info_for_reply_encI
> > > > (the rest of these routines should do the same, imho)
> > >
> > > Thankyou, applied
> >
> > And stay tuned for the rest of make_user_* functions...
>
> I like it when sombody else cleans up the mess I leave behind ;-)
But don't get use to it ;-)
--
cheers,
+------------------------------------------------------------+
|Rafal 'Mimir' Szczesniak <mimir at diament.ists.pwr.wroc.pl> |
|*BSD, GNU/Linux and Samba /
|__________________________________________________________/
More information about the samba-technical
mailing list