On Mon, 2007-07-02 at 16:19 +0400, Dmitry Butskoy wrote:
> - I try to code things most close to used style, i.e. using Dovecot's 
> memory-management and io-pipe routines etc., but could someone look at 
> it and check whether I've missed something or not?

close() and dup2() errors should be reported, although they're unlikely.

ostream is a bit pointless there since you're doing only a single write.
You could just use write_full().

> - Maybe some other options should be implemented, i.e. 
> "auth_winbind_helper_ntlm" and "auth_winbind_helper_spnego" to specify 
> the helper's cmdline exactly?

Yes.

> - Currently I strip domain part of the username returned, i.e. from 
> "DOMAIN\user" just to "user". Maybe better add some option 
> "auth_winbind_strip_domain" for this?

What if you changed it to [EMAIL PROTECTED] Then you could use Dovecot's
standard %n or %u variables.

There's one thing I'd want changed: make it non-blocking. Both input and
output are currently blocking, so dovecot-auth is stuck while waiting
for ntlm_auth to reply. I want to avoid this whenever possible (I don't
ever want to see "authentication just gets stuck, why??" mails.
"ntlm_auth timed out" message in log is much nicer).

I guess ntlm_auth can handle only a single session at a time? So this
would pretty much require that you either implement some kind of a queue
or execute multiple ntlm_auths. Or maybe both. Using auth worker
processes would probably be best. Unfortunately that currently works
only for passdbs and userdbs, not for mechanisms. I guess I could try
changing this for v1.1, unless you want to try? :)
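
Added example, not part of the original message and not Dovecot code: a standalone sketch of the timeout behaviour asked for above, where a reply that never arrives from the helper becomes a distinct "timed out" result instead of an indefinite block. It uses plain poll() rather than Dovecot's ioloop. Assumptions: the names `read_reply_timeout`, `REPLY_TIMEOUT` and `now_ms` are hypothetical, and the helper's reply is taken to be one newline-terminated line.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <time.h>
#include <unistd.h>

#define REPLY_TIMEOUT (-2) /* caller logs "ntlm_auth timed out" */

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read one newline-terminated reply from the helper's stdout pipe (the
   line-based framing is an assumption). Returns the line length,
   REPLY_TIMEOUT if no full line arrived in timeout_ms, -1 otherwise. */
int read_reply_timeout(int fd, char *buf, size_t size, int timeout_ms)
{
    long deadline = now_ms() + timeout_ms;
    int flags = fcntl(fd, F_GETFL);
    size_t used = 0;

    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0)
        return -1;
    while (used < size) {
        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        long left = deadline - now_ms();
        int ret = left > 0 ? poll(&pfd, 1, (int)left) : 0;
        ssize_t n;
        if (ret < 0 && errno == EINTR)
            continue;
        if (ret <= 0)
            return ret == 0 ? REPLY_TIMEOUT : -1;
        n = read(fd, buf + used, 1); /* byte-wise: never read past '\n' */
        if (n < 0 && (errno == EAGAIN || errno == EINTR))
            continue;
        if (n <= 0)
            return -1; /* read error, or helper closed the pipe */
        if (buf[used] == '\n') {
            buf[used] = '\0';
            return (int)used;
        }
        used++;
    }
    return -1; /* reply does not fit in buf */
}
```

The deadline covers the whole reply, so a helper that sends a partial line and then stalls also ends in `REPLY_TIMEOUT`.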
