[PATCH] wbcLogoffUser() & wbcLookupDomainController()

Gerald (Jerry) Carter jerry at samba.org
Tue May 13 15:45:45 GMT 2008


Stefan (metze) Metzmacher wrote:

> I know it's the same call in the current winbind protocol,
> but I think it should really be a different api call,
> as it also sets up the environment of the user,
> I see wbcAuthenticateUser() as a kind of network logon
> and wbcLogonUser() as a local logon.

OK.

> If we use the generic extension stuff via passing 
> named blobs, I think we should use them for wbcLogonUser()
> and wbcLogoffUser() and hide the krb5 specific stuff
> in it.
> 
>> The wbcChangePassword() should be easy following that.
> 
> We may also need a wbcChangePasswordEx() to handle the
> WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP case that is used by ntlm_auth.
> 
>> So that should finish up everything we've discussed so far.
> 
> We also need the NTLM_CCACHE stuff...
> And maybe also support for a WINBINDD_SIDS_TO_XIDS style operation
> in both directions for future use.
> 
>> Note: the patches are against v3-3-test but based on the
>> discussion people seemed to prefer to get this into v3-2-test
>> if the work was completed before the rc1 release on the 23rd.
>> Correct?
> 
> Yes, depending on whether we have a strategy to extend
> the api, without increasing the soname version, we may

I think we have to resolve ourselves that increasing
the soname version is going to happen.  I believe I
have a solid plan for building a wrapper older compat
library sharing common code when we get there.

> not need everything, but it would at least be fine to
> remove wbinfo's dependency to wb_common.o

ok.  I'll do that.  What about the `wbinfo --getdcname` op.
Did we agree to remove that and only expose the --dsgetdcname
command?

> +	if ((pw = getpwnam(username)) == NULL) {
> +		wbc_status = WBC_ERR_UNKNOWN_USER;
> +		BAIL_ON_WBC_ERROR(wbc_status);
> +	}
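
Review bot: In the `getpwnam(username)` check, every NULL return is mapped to WBC_ERR_UNKNOWN_USER, but getpwnam() also returns NULL when the lookup itself fails (errno set), so a backend failure is reported as an unknown user. getpwnam() also returns a pointer to static storage, so calling it inside a library function can overwrite a passwd entry the caller is still holding. Taking the uid as a parameter, as raised in the reply below, removes the NSS lookup from this path; if the lookup stays, use getpwnam_r() and report the error case separately from not-found.
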
> 
> I think we should not risk doing a wbc call from 
> within one, (we may call to nss_winbind)
> 
> We better pass the uid.

ok.  I'll concede the point on this one.  I really hate
that in the API call since it seems to be redundant.  But I
guess that was the same point about the ccfilename in
wbcLogoffUser().

> +struct wbcDomainControllerInfo {
> +	char *dc_name;	
> +};
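
Review bot: `struct wbcDomainControllerInfo` exposes `char *dc_name;` with no comment saying who allocates the string or how the caller releases it; document the ownership next to the field. The `dc_name` line also ends in a stray tab after the semicolon. Since the struct is part of the public API, a short note on how it is expected to grow (new fields versus a separate Ex variant) would help callers that allocate or copy it.
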
> 
> Don't we want to return more info?
> 
> Or should we add a wbcDomainControllerInfoEx() later?

there's nothing else that the winbind API call returns
at the moment.  I'd add wbcDomainControllerInfoEx() later
when this is fleshed out more.

To summarize, I'll make the change to wbcLogoffUser() to pass
the uid like you asked.  Also will fix the whitespace errors.
Then am I ok to check these into v3-3-test by everyone?
I don't see a pressing need to change the existing v3-2 API
since we still have more work to do anyways.  I'll keep
working until the 23rd on this but am not confident it will all
be done in time.  But maybe I'll get lucky and then we can
discuss a backport to v3-2.

cheers, jerry