svn commit: samba r7058 - in branches/SAMBA_4_0: source/lib source/web_server swat/esptest

Simo Sorce idra at samba.org
Sun May 29 08:21:10 GMT 2005


On Sun, 2005-05-29 at 12:46 +1000, Andrew Tridgell wrote:
> Simo,
> 
> Thanks for helping out with the esp code! Here are some comments on
> your auth patch.
> 
> *) you should not use 
>         #include "pwd.h"
>    Instead, use 
>     #include "system/passwd.h"
>    as that brings in all the configure checks for different
>    system authentication types.

Sorry, used what's in samba3's web/cgi.c, I'll change it.

> *) The unixAuth() function you added takes only string arguments, so
>     you should use espDefineStringCFunction() instead of
>     espDefineCFunction().

OK, I'll do it immediately.

> *) in esp_unixAuth() you explicitly set session['AUTHENTICATED'],
>    session['USERNAME'] etc like this:
> 
>      mprSetPropertyValue(&ep->variables[ESP_SESSION_OBJ],
> 			"PRIVILEGE", mprCreateStringVar("ADMIN", 0));
> 
>    I think that is the wrong approach. Instead, I think that
>    esp_UnixAuth() should return an ejs object, containing the elements
>    you want. Then the esp script can do this:

OK, I still think we should store auth data somewhere in the http server
so that the esp script cannot change it "by mistake", but I'll work the code
as you prefer right now.

> *) You have a TODO like this:
>    TODO: find out how to pass the real client name/address here 
> 
>    If what you want is the client IP address, then have a look at how
>    the web server currently fills in request['REMOTE_HOST']. We should
>    probably put this in web->input.remote_host to avoid multiple calls
>    to socket_get_peer_name().

Yeah, had no time yesterday to find out the right spot, thanks.

> *) finally I agree with abartlet that we should not reproduce the pam
>    auth code in source/web_server/. Instead, please use the generic
>    auth infrastructure, or work with Andrew to add anything it needs
>    if it isn't sufficient.

Yeah, once we revive the auth wrt unix auth I'll move this little hack
out.

> Sorry for such a long comment on such a simple commit! While you
> probably know a lot of the above already, I thought it might be useful
> for others who may wish to work with the new web server code.

I think it is valuable too, thanks.

Simo.

-- 
Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it

