[Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
Hi,

here're patches to remove the already deprecated options
'auth methods', 'map untrusted to domain' and 'profile acls'.

Please review and push:-)

Thanks!
metze


tmp.diff.txt (59K) Download Attachment
signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
On Thursday, 7 December 2017 10:36:18 CET Stefan Metzmacher via samba-
technical wrote:
> Hi,
>
> here're patches to remove the already deprecated options
> 'auth methods', 'map untrusted to domain' and 'profile acls'.
>
> Please review and push:-)

Hi Metze,

shouldn't the test posixacl.py be removed first before we remove the
functionality with "s3:smbd: remove deprecated handling of "profile acls =
yes"" ??

RB+


Should we also change auth_methods_from_lp() ?

Change it to: auth_methods_get(TALLOC_CTX *mem_ctx, enum server_role)


        Andreas


--
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             [hidden email]
www.samba.org

Reply | Threaded
Open this post in threaded view
|

Re: [Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Thu, 2017-12-07 at 10:36 +0100, Stefan Metzmacher via samba-
technical wrote:
> Hi,
>
> here're patches to remove the already deprecated options
> 'auth methods', 'map untrusted to domain' and 'profile acls'.
>
> Please review and push:-)

The removal of the auth_winbind_wbclient pdbtest test removes on of the
few tests of the NTLM authentication interface in winbindd.  I know it
was rather indirect, but it would be good to keep it.

On the other hand, it has this TODO:

        /* TODO: 
         * Compre more details from the two info3 structures,
         * then test that an expired/disabled/pwdmustchange account
         * returns the correct errors
         */

If you can show me we have a good test asserting the session key and
some other details on this then I can let it go.

To be clear, I'm not after the nostalgia, just worried about loss of
what little testing we have in some areas.

Thanks!

Andrew Bartlett

> Thanks!
> metze
>
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Reply | Threaded
Open this post in threaded view
|

Re: [Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
Hi Andrew,

> The removal of the auth_winbind_wbclient pdbtest test removes on of the
> few tests of the NTLM authentication interface in winbindd.  I know it
> was rather indirect, but it would be good to keep it.
>
> On the other hand, it has this TODO:
>
> /* TODO: 
> * Compre more details from the two info3 structures,
> * then test that an expired/disabled/pwdmustchange account
> * returns the correct errors
> */
>
> If you can show me we have a good test asserting the session key and
> some other details on this then I can let it go.
>
> To be clear, I'm not after the nostalgia, just worried about loss of
> what little testing we have in some areas.
Ok, here's an update that inlines the auth_winbind_wbclient code into
pdbtest.

As well as the reordering Andreas asked for.

Please review and push:-)

Thanks!
metze


tmp.diff.txt (138K) Download Attachment
signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
Hi Andrew,

are you happy with this now?

metze

Am 07.12.2017 um 14:41 schrieb Stefan Metzmacher via samba-technical:

> Hi Andrew,
>
>> The removal of the auth_winbind_wbclient pdbtest test removes on of the
>> few tests of the NTLM authentication interface in winbindd.  I know it
>> was rather indirect, but it would be good to keep it.
>>
>> On the other hand, it has this TODO:
>>
>> /* TODO: 
>> * Compre more details from the two info3 structures,
>> * then test that an expired/disabled/pwdmustchange account
>> * returns the correct errors
>> */
>>
>> If you can show me we have a good test asserting the session key and
>> some other details on this then I can let it go.
>>
>> To be clear, I'm not after the nostalgia, just worried about loss of
>> what little testing we have in some areas.
>
> Ok, here's an update that inlines the auth_winbind_wbclient code into
> pdbtest.
>
> As well as the reordering Andreas asked for.
>
> Please review and push:-)
>
> Thanks!
> metze
>


signature.asc (853 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
On Mon, 2017-12-11 at 11:28 +0100, Stefan Metzmacher wrote:
> Hi Andrew,
>
> are you happy with this now?

No objection from me on the wbclient auth module removal.  I'm hoping
to review it once I get some time this week.

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


Reply | Threaded
Open this post in threaded view
|

Re: [Patches] removal of 'auth methods', 'map untrusted to domain' and 'profile acls'

Samba - samba-technical mailing list
On Tue, 2017-12-12 at 07:21 +1300, Andrew Bartlett via samba-technical
wrote:
> On Mon, 2017-12-11 at 11:28 +0100, Stefan Metzmacher wrote:
> > Hi Andrew,
> >
> > are you happy with this now?
>
> No objection from me on the wbclient auth module removal.  I'm hoping
> to review it once I get some time this week.

I've reviewed those changes and added Andreas's review to the profile
ACL stuff (which frankly I never really understood).  It is in
autobuild.

Reviewed-by: Andrew Bartlett <[hidden email]>

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba