[Patches] auth/credentials for user_auth_info

Andrew Bartlett abartlet at samba.org
Sun Dec 18 19:08:41 UTC 2016 

On Sun, 2016-12-18 at 13:51 +0100, Stefan Metzmacher wrote:
> Hi Andrew,
> 
> > 
> > > 
> > > here're some patches to prepare the auth/credentials logic for
> > > usage within struct user_auth_info.
> > > 
> > > This took quite some cycles to pass a full autobuild, it turns
> > > out that we have a lot of explicit and implicit test cavarage
> > > of the source3 POPT_COMMON_CREDENTIALS handling.
> > > 
> > > Please review and push:-)
> > > 
> > > This depends on the "Avoid selftest/autobuild interaction with
> > > /tmp"
> > > patchset.
> > 
> > Thank you so much for doing this.  The main issue I have with it is
> > the
> > new password_will_be_nt_hash logic.  This seems to me to be a
> > horrible
> > API!
> > 
> > This however isn't an objection, assuming you tell me (as I trust
> > you
> > will) that all the other options were even worse.
> 
> I started with implementing it only in source3/lib/util_cmdline.c
> until some tests failed and I realized that
> cli_credentials_parse_string()
> or the callback also need to handle the hexstring.
> And we still have places were we use get_cmdline_auth_info_password()
> and get_cmdline_auth_info_use_pw_nt_hash() and pass down the
> hexstring
> through some layers.

Thanks.  Hopefully we can improve those wrappers in time, and perhaps
get a cleaner API eventually. 

> > 
> > I am very glad to see cli_credentials starting to get good use
> > across
> > the codebase.  I'm well aware it isn't ideal, but it is an
> > improvement
> > and the consistency brings us great opportunities. 
> 
> Yes, there're a lot of things to do, but we can't change everything
> on
> one day:-)

Indeed. 

I'll look over the rest at work today.  The only other thing I noted
was the changes to the existing tests.  Can you clarify (here, and in
the commit message) further why the existing tests needed to be
changed, specifically around the realm behaviour?  

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list