[PATCH] support for kerberos in plugin DC code
Stefan (metze) Metzmacher
metze at samba.org
Tue Aug 2 06:21:28 MDT 2011
Am 02.08.2011 01:01, schrieb Andrew Bartlett:
> On Fri, 2011-07-29 at 17:09 +0200, Stefan (metze) Metzmacher wrote:
>>>> I'd like you to give quite some time to review and decide if it is ok.
>>>> I have been opposed on introducing gensec in s3 for a few reasons. One
>>>> is dependencies, the other is that IIRC gensec does not create new event
>>>> loops bu allows nesting of loops. That is something too dangerous for
>>>> the file server imho.
>>>
>>> Yes, this needs a lot of review, I hope to get some time in the next days.
>>
>> Here're my first result, but I'll do more review on monday:
>
> I've addressed all these issues (including the
> auth_ntlmssp_steal_session_info(), but not removing the auth4_context
> for the reasons I've explained). Can you please let me know soon if you
> have any further comments that cannot be addressed in-tree, as I would
> like to move forward with this work.
Thanks, here some more comments:
- Please avoid } else { after return statements,
neesting can be avoided in that case and it makes the
code easier to read.
+ return nt_status;
+ } else {
- Please use (at least in future)
/*
* some multi line
* text...
*/
instead of
/* some multi line
* text ... */
It makes the code much more readable.
- In source4/utils/ntlm_auth.c
nt_status = gensec_session_info(state->gensec_state, NULL, &session_info);
NULL => mem_ctx to avoid memory leaks.
- In s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmssp
In auth_ntlmssp_want_feature this comment seems to be wrong:
/* You need to negotiate signing to get a windows server to calculate
a session
* key */
- In s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_update
auth_ntlmssp_update doesn't handle MORE_PROCESSING_REQUIRED.
- It would be nice to have
(blob1.length > 7 && strncmp((char *)(blob1.data), "NTLMSSP", 7) == 0)
in a helper function.
The rest looks good to me, did you run your wintest?
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110802/03c043ec/attachment.pgp>
More information about the samba-technical
mailing list