[illumos-Developer] [REVIEW] 1121 smbsrv should use SPNEGO (outbound authentication)

Gordon Ross gordon.w.ross at gmail.com
Fri Jun 17 06:44:47 PDT 2011


On Fri, Jun 17, 2011 at 8:36 AM, Albert Lee <trisk at opensolaris.org> wrote:
> Some observations, although this looks correct as it is:

Thanks for having a look.

> usr/src/lib/smbsrv/libmlsvc/common/dssetup_clnt.c:91: Don't need to
> bzero here, dssetup_get_domain_info clobbers it.

OK.  The previous code had that.  I mostly reverted that to
an earlier revision.  Not sure that's worth changing...(?)

Just wanted to get rid of mlsvc_echo, which would be
somewhat harder to implement with libsmbfs/netsmb.

> usr/src/lib/smbsrv/libmlsvc/common/smbrdr_glue.c:65: Only
> smbrdr_logon() caller remaining is SMB_DR_JOIN ... ->
> smbd_join_domain->mlsvc_join. That could be replaced with direct usage
> of smbrdr_ctx_new() and passing the ctx around.

Yes I could, but I'd prefer to keep the knowledge of the
smb_ctx thing restricted to the mlsvc_glue.c code.

A better way to deal with the smb_ctx stuff would be to
keep a "net use" table* somewhere, preferably in the
code that manages connections to AD servers.
(* A "net use" table is a Windows concept.  It's a
list of all your "connected trees", a.k.a mounts.)
In Windows, the "netlogon" module does this job.
It needs to keep track of connections to AD servers
for each "domain of interest" anyway.

We don't have a real netlogon module yet.  (Well,
we sort of do, but it's kind of spread around...)
I do plan to work on that, but it may be a while.

> usr/src/lib/smbsrv/libmlsvc/common/smbrdr_glue.c:118: ndr_rpc_bind()
> is passed the username MLSVC_ANON_USER ("IPC$") in a couple of
> places, also whatever is returned by mb_ipc_get_user().

Thanks.  I guess I could change those, or just remove the
XXX comment.

Thanks,
Gordon


