libwbclient - wbcLogoffUser() & wbcLookupDomainController
Gerald (Jerry) Carter
jerry at samba.org
Wed May 7 23:08:03 GMT 2008
Stefan (metze) Metzmacher wrote:
> Hi Jerry,
>
> here're some comments about the design of the new calls.
> However see also my next mail about deferring all this...
>
>> 1. wbcErr wbcLogoffUser(const char *username,
>> const char *ccfilename);
>>
>> Some explanations. There is no current LogonUser pipe call.
>> This is implicit in the Authenticate call. So I've not added
>> a wbcLogonUser().
>
> This is not true, wbcAuthenticateUserEx() doesn't provide
> the ability to handle local logons as needed by pam_winbind
> and it should not.
>
> I think we should have a wbcLogonUser() and pam_winbind
> should be able to use it later (in v3-3).
So you think wbcLogonUser() should be the equivalent of
pam_sm_open_session()? That is currently a no-op in pam_winbind.c.
Also see my follow up question below.
>
> I'm not yet sure about the prototype of wbcLogonUser()...
> ...but I think we should use arrays of a structure like this:
>
> struct {
>     const char *name;
>     bool critical;
>     struct {
>         uint32_t length;
>         uint8_t *data;
>     } value;
> }
>
> to pass extra data, e.g. needed for AFS krb5 logons in and out
> of wbcLogonUser().
I'm not quite following you. What extra data are you passing?
>> I debated dropping the cred cache pathood
>> and having the library look up the default. This might still
>> be a good idea to help relieve the burden on the application
>> developer. But it can be set to NULL so it's not that bad.
>
> I think the wbcLogoffUser() call should also get the uid.
Internally the call gets the uid from getpwnam(). I just
don't think the calling application should have to do that.
> I think we can skip the ccache filename, as it's produced
> by the LOGON call, so winbind should be able to reproduce it.
The current winbindd_pam.c code relies upon having the
cache location to remove it.
>
>> 2. wbcErr wbcLookupDomainController(const char *domain,
>> struct wbcDomainControllerInfo *dc_info);
>>
>>
>> Comments?
>
> Something like this looks good, but maybe we need
> an uint32_t flags as input? Günther, you may have
> some additional comments here? Maybe we should return
> the same as what we will store in gencache...
So add a uint32_t flags field marked as "reserved for future
use"? Right now the winbindd pipe call only returns the
DC name. That can change of course for v3-3.
cheers, jerry
--
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
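The name/critical/value array proposed in the thread, as an added example (not code from the thread or from libwbclient): a consumer validates the whole array before acting on any entry. It assumes `critical` marks an entry the receiver must understand or else refuse the request, which the thread does not spell out; the tag `named_blob`, the entry names and `check_blobs()` are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The structure sketched in the thread, given a tag so it can be used. */
struct named_blob {
    const char *name;
    bool critical;
    struct {
        uint32_t length;
        uint8_t *data;
    } value;
};

enum blob_status { BLOBS_OK = 0, BLOBS_MALFORMED, BLOBS_UNKNOWN_CRITICAL };

/* Names this consumer understands (constructed for the example). */
static const char *const known_names[] = { "krb5ccname", "afs_token" };

static bool is_known(const char *name)
{
    for (size_t i = 0; i < sizeof(known_names) / sizeof(known_names[0]); i++)
        if (strcmp(name, known_names[i]) == 0)
            return true;
    return false;
}

/* Assumed semantics: reject malformed entries, fail closed on an unknown
 * critical entry, and count unknown non-critical entries as ignored. */
enum blob_status check_blobs(const struct named_blob *blobs, size_t n,
                             size_t *ignored)
{
    *ignored = 0;
    if (blobs == NULL && n != 0)
        return BLOBS_MALFORMED;
    for (size_t i = 0; i < n; i++) {
        if (blobs[i].name == NULL)
            return BLOBS_MALFORMED;
        if (blobs[i].value.length != 0 && blobs[i].value.data == NULL)
            return BLOBS_MALFORMED;
        if (is_known(blobs[i].name))
            continue;
        if (blobs[i].critical)
            return BLOBS_UNKNOWN_CRITICAL;
        (*ignored)++;
    }
    return BLOBS_OK;
}
```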