[PATCH]: wbc: expand wbcAuthUserParams to pass alternate domain\user

Kai Blin kai at samba.org
Tue May 19 06:33:40 GMT 2009 

On Tuesday 19 May 2009 02:11:16 Steven Danneman wrote:

> We need to expand the wbcAuthUserEx() interface somehow to allow passing
> an alternate DOMAIN\user combination to our auth daemon.  This is
> necessary when the auth daemon is checking an NTLMv2 hash, which was
> built using the on-the-wire DOMAIN\user combination, but smbd has mapped
> the domain to the server's local sam name (via make_user_info_map()) or
> smbd has mapped the user (via the "username map" parameter).

Sounds reasonable.

> Our approach was to add a new response2 struct and level to the
> wbcAuthUserParams.  The should keep backwards compatibility, with
> previous apps built to .1-.3 version of the interface.  The only problem
> I foresee is some confusion for other client app developers as to which
> response structure to use in their code when trying to check NTLM
> responses.  I can hopefully mitigate that by just adding a comment to
> the struct.
>
> What do you think?

I agree with the basic design, but I don't like this struct being called 
response2. Some name telling what the struct is about would be nicer. Unless 
we really want to use response2 instead of response in all callers now 
anyway, then I guess response2 makes sense.

On a sidenote, I don't think we want to keep a full libwbclient changelog in 
the header file. Keeping the last change that required a version bump should 
be sufficient.

Aren't you breaking the code in auth_util.c for people not using auth_wbc? 
There's also a typo in 
* This allow deals with the client passing in a "" domain */
       ^^^^^

Cheers,
Kai

-- 
Kai Blin
WorldForge developer  http://www.worldforge.org/
Wine developer        http://wiki.winehq.org/KaiBlin
Samba team member     http://www.samba.org/samba/team/
--
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.samba.org/archive/samba-technical/attachments/20090519/6020099f/attachment.bin

More information about the samba-technical mailing list