On Mon, 2007-07-02 at 16:19 +0400, Dmitry Butskoy wrote:
> - I try to code things most close to used style, i.e. using Dovecot's memory-management and io-pipe routines etc., but could someone look at it and check whether I've missed something or not?
close() and dup2() errors should be reported, although they're unlikely.
ostream is a bit pointless there since you're doing only a single write. You could just use write_full().
> - Maybe some other options should be implemented, i.e. "auth_winbind_helper_ntlm" and "auth_winbind_helper_spnego" to specify the helper's cmdline exactly?
Yes.
> - Currently I strip domain part of the username returned, i.e. from "DOMAIN\user" just to "user". Maybe better add some option "auth_winbind_strip_domain" for this?
What if you changed it to user@domain? Then you could use Dovecot's standard %n or %u variables.
There's one thing I'd want changed: make it non-blocking. Both input and output are currently blocking, so dovecot-auth is stuck while waiting for ntlm_auth to reply. I want to avoid this whenever possible (I don't ever want to see "authentication just gets stuck, why??" mails. An "ntlm_auth timed out" message in the log is much nicer).
I guess ntlm_auth can handle only a single session at a time? So this would pretty much require that you either implement some kind of a queue or execute multiple ntlm_auths. Or maybe both. Using auth worker processes would probably be best. Unfortunately that currently works only for passdbs and userdbs, not for mechanisms. I guess I could try changing this for v1.1, unless you want to try? :)
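
Added example, not part of the original message or of Dovecot's code: one way to bound the wait on a helper such as ntlm_auth, with dup2() and close() errors reported and a plain write loop in place of an ostream. The names `helper_request` and `die` and the `cat` stand-in for the helper are assumptions; the wait is bounded with poll() rather than integrated into Dovecot's ioloop.

```c
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static void die(const char *what, int code) { perror(what); _exit(code); }
/* Hypothetical helper_request(): send req to the helper, wait at most timeout_ms
 * for a reply. Returns the reply length, -2 on timeout, -1 on any other error. */
static ssize_t helper_request(char *const argv[], const char *req,
                              char *reply, size_t size, int timeout_ms)
{
    int in[2], out[2];
    ssize_t ret = -1;
    size_t len = strlen(req), off = 0;
    if (pipe(in) < 0) return -1;
    if (pipe(out) < 0) { close(in[0]); close(in[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {                       /* child: becomes the helper */
        if (dup2(in[0], STDIN_FILENO) < 0 || dup2(out[1], STDOUT_FILENO) < 0)
            die("dup2", 126);             /* report it, do not run with wrong fds */
        close(in[0]); close(in[1]); close(out[0]); close(out[1]);
        execvp(argv[0], argv);
        die(argv[0], 127);
    }
    signal(SIGPIPE, SIG_IGN);             /* a dead helper yields EPIPE, not a signal */
    if (close(in[0]) < 0 || close(out[1]) < 0) perror("close");
    while (pid > 0 && off < len) {        /* single short request: plain write loop */
        ssize_t n = write(in[1], req + off, len - off);
        if (n < 0 && errno != EINTR) break;
        if (n > 0) off += (size_t)n;
    }
    struct pollfd pfd = { .fd = out[0], .events = POLLIN };
    int r = (pid > 0 && off == len) ? poll(&pfd, 1, timeout_ms) : -1;
    if (r == 0) ret = -2;                 /* helper did not answer in time */
    else if (r > 0 && (ret = read(out[0], reply, size - 1)) >= 0) reply[ret] = '\0';
    if (close(in[1]) < 0 || close(out[0]) < 0) perror("close");
    if (pid > 0 && ret < 0) kill(pid, SIGKILL);   /* never leave a stuck helper */
    if (pid > 0) waitpid(pid, NULL, 0);
    return ret;
}
int main(void)
{
    char buf[64];
    char *const echo[] = { "cat", NULL }; /* constructed stand-in for ntlm_auth */
    printf("reply length: %zd\n", helper_request(echo, "hello\n", buf, sizeof(buf), 5000));
    return 0;
}
```

A return value of -2 is the point at which the caller can log a timeout and fail the authentication attempt.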