[PATCH] wbcLogoffUser() & wbcLookupDomainController()
Stefan (metze) Metzmacher
metze at samba.org
Tue May 13 15:17:31 GMT 2008
Hi Jerry,
> I'll lookat the wbcLogonUser() next. but that is really just
> wbcAuthenticateUser() and passing back a blob. Also need to
> review passing back the krb5 ccache path name in
> wbcAuthenticateUser() so this might just be a generic extension
> to that call.
I know it's the same call in the current winbind protocol,
but I think it should really be a different api call,
as it also sets up the environment of the user,
I see wbcAuthenticateUser() as a kind of network logon
and wbcLogonUser() as a local logon.
If we use the generic extension stuff via passing named blobs,
I think we should use them for wbcLogonUser() and wbcLogoffUser()
and hide the krb5 specific stuff in it.
> The wbcChangePassword() should be easy following that.
We may also need a wbcChangePasswordEx() to handle the
WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP case that is used by ntlm_auth.
> So that should finish up everything we've discussed so far.
We also need the NTLM_CCACHE stuff...
And maybe also support for a WINBINDD_SIDS_TO_XIDS style operation
in both directions for future use.
> Note: the patches are against v3-3-test but based on the
> discussion people seemed to prefer to get this into v3-2-test
> if the work was completed before the rc1 release on the 23rd.
> Correct?
Yes. Depending on whether we have a strategy to extend the API
without increasing the soname version, we may not need everything,
but it would at least be fine to remove wbinfo's dependency on wb_common.o
>
>
>
> cheers, jerry
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
here're whitespace bugs, and I noticed them in other places too...
+ if ((pw = getpwnam(username)) == NULL) {
+ wbc_status = WBC_ERR_UNKNOWN_USER;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
I think we should not risk doing a wbc call from within one
(we may call into nss_winbind).
We'd better pass the uid.
diff --git a/source/nsswitch/libwbclient/wbc_util.c
b/source/nsswitch/libwbclient/wbc_util.c
index 3afd8a2..1fef660 100644
--- a/source/nsswitch/libwbclient/wbc_util.c
+++ b/source/nsswitch/libwbclient/wbc_util.c
@@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo
**domains, size_t *num_domains)
return wbc_status;
}
+
+/** @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param domain Name of the domain to query for a DC
+ * @flags Bit flags used to control the domain location query
+ * @param *dc_info Pointer to the returned domain controller
information
+ *
+ * @return #wbcErr
+ *
+ **/
+
+
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ struct wbcDomainControllerInfo *dc = NULL;
+
+ /* validate input params */
+
+ if (!domain || !dc_info) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.domain_name, domain, sizeof(request.domain_name)-1);
+
+ request.flags = flags;
+
+ dc = talloc(NULL, struct wbcDomainControllerInfo);
+ BAIL_ON_PTR_ERROR(dc, wbc_status);
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ dc->dc_name = talloc_strdup(dc, response.data.dc_name);
+ BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
+
+ *dc_info = dc;
+
+done:
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ talloc_free(dc);
+ }
+
+ return wbc_status;
+}
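Review bot: A `domain` argument longer than `request.domain_name` is silently truncated by the `strncpy()` call, so the DC lookup is sent for a different (prefix) name than the caller asked for. Since `request` is already declared at that point, the parameter check can reject it up front with `if (!domain || !dc_info || strlen(domain) >= sizeof(request.domain_name)) {`. On the result side, `talloc_strdup(dc, response.data.dc_name)` relies on the response field being NUL-terminated, which this hunk does not show being enforced; if winbindd does not guarantee it, bound the copy with `talloc_strndup(dc, response.data.dc_name, sizeof(response.data.dc_name))`. The doc comment also looks copied from wbcListTrusts: `@brief` should describe the DC lookup, and `@flags` should read `@param flags`.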
diff --git a/source/nsswitch/libwbclient/wbclient.c
b/source/nsswitch/libwbclient/wbclient.c
index 9383fd5..6403c15 100644
--- a/source/nsswitch/libwbclient/wbclient.c
+++ b/source/nsswitch/libwbclient/wbclient.c
@@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error)
return "WBC_ERR_INVALID_RESPONSE";
case WBC_ERR_NSS_ERROR:
return "WBC_ERR_NSS_ERROR";
+ case WBC_ERR_UNKNOWN_USER:
+ return "WBC_ERR_UNKNOWN_USER";
+ case WBC_ERR_UNKNOWN_GROUP:
+ return "WBC_ERR_UNKNOWN_GROUP";
case WBC_ERR_AUTH_ERROR:
return "WBC_ERR_AUTH_ERROR";
}
diff --git a/source/nsswitch/libwbclient/wbclient.h
b/source/nsswitch/libwbclient/wbclient.h
index f236c43..469cb02 100644
--- a/source/nsswitch/libwbclient/wbclient.h
+++ b/source/nsswitch/libwbclient/wbclient.h
@@ -42,7 +42,9 @@ enum _wbcErrType {
WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot
be found **/
WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid
response **/
WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
- WBC_ERR_AUTH_ERROR /**< Authentication failed **/
+ WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
+ WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
+ WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */
};
typedef enum _wbcErrType wbcErr;
@@ -290,6 +292,15 @@ struct wbcAuthErrorInfo {
};
/*
+ * DomainControllerInfo struct
+ */
+struct wbcDomainControllerInfo {
+ char *dc_name;
+};
Don't we want to return more info?
Or should we add a wbcDomainControllerInfoEx() later?
metze