libwbclient - wbcLogoffUser() & wbcLookupDomainController

Stefan (metze) Metzmacher metze at
Tue May 6 14:53:20 GMT 2008

Hi Jerry,

here're some comments about the design of the new calls.
However see also my next mail about deferring all this...

> 1. wbcErr wbcLogoffUser(const char *username,
>                          const char *ccfilename);
> Some explanations.  There is no current LogonUser pipe call.
> This is implicit in the Authenticate call.  So I've not added
> a wbcLogonUser().

This is not true, wbcAuthenticateUserEx() doesn't provide the ability
to handle local logons as needed by pam_winbind and it should not.

I think we should have a wbcLogonUser() and pam_winbind should be able
to use it later (in v3-3).

I'm not yet sure about the prototype of wbcLogonUser()...
...but I think we should use arrays of a structure like this:

struct {
	const char *name;
	bool critical;
	struct {
		uint32_t length;
		uint8_t *data;
	} value;

to pass extra data, e.g. needed for AFS krb5 logons in and out
of wbcLogonUser().

>  I debated dropping the cred cache pathood
> and having the library look up the default. This might still
> be a good idea to help relieve the burden on the application
> developer.  But it can bet set to NULL to it's not that bad.

I think the wbcLogoffUser() call should also get the uid.

I think we can skip the ccache filename, as it's produced by the LOGON
call, so winbind should be able to reproduce it.

> 2.  wbcErr wbcLookupDomainController(const char *domain,
>                                 struct wbcDomainControllerInfo *dc_info);
> Comments?

Something like this looks good, but maybe we need an uint32_t flags as
input? Günther, you may have some additional comments here? Maybe we
should return the same as what we will store in gencache...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url :

More information about the samba-technical mailing list