[PATCH]: wbc: expand wbcAuthUserParams to pass alternate domain\user

Tue May 19 00:11:16 GMT 2009

I wanted to get RFC on an addition to the wbc interface.  Kai, I know
you've been working on this recently so your opinion would help.

We need to expand the wbcAuthUserEx() interface somehow to allow passing
an alternate DOMAIN\user combination to our auth daemon.  This is
necessary when the auth daemon is checking an NTLMv2 hash, which was
built using the on-the-wire DOMAIN\user combination, but smbd has mapped
the domain to the server's local sam name (via make_user_info_map()) or
smbd has mapped the user (via the "username map" parameter).

Our approach was to add a new response2 struct and level to the
wbcAuthUserParams.  The should keep backwards compatibility, with
previous apps built to .1-.3 version of the interface.  The only problem
I foresee is some confusion for other client app developers as to which
response structure to use in their code when trying to check NTLM
responses.  I can hopefully mitigate that by just adding a comment to
the struct.

What do you think?

The new interface will be used by the auth_wbc module, the changes for
which are attached in the second patch.

-Steven

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-wbc-expand-wbcAuthUserParams-to-pass-alternate-doma.patch
Type: application/octet-stream
Size: 2236 bytes
Desc: 0001-wbc-expand-wbcAuthUserParams-to-pass-alternate-doma.patch
Url : http://lists.samba.org/archive/samba-technical/attachments/20090518/47e279a2/0001-wbc-expand-wbcAuthUserParams-to-pass-alternate-doma.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-s3-auth_wbc-send-both-mapped-and-original-DOMAIN-us.patch
Type: application/octet-stream
Size: 4262 bytes
Desc: 0002-s3-auth_wbc-send-both-mapped-and-original-DOMAIN-us.patch
Url : http://lists.samba.org/archive/samba-technical/attachments/20090518/47e279a2/0002-s3-auth_wbc-send-both-mapped-and-original-DOMAIN-us.obj