[PATCH]: wbc: expand wbcAuthUserParams to pass alternate domain\user

Gerald Carter jerry at plainjoe.org
Tue May 19 20:25:23 GMT 2009

Hash: SHA1

Steven Danneman wrote:

> Authenticating a local user outside of smbd is different.  The
> on-the-wire domain name may be the client's machine name, or it may be
> an empty string (Vista sends this).  smbd in make_user_info_map(),
> converts this to the SAM name of the server.  So we now have
> "client_domain" and "domain" respectively.  Username mapping, for local
> users, is done pre-authentication so that the mapped-to user and
> password will be used in the authentication checks.  This is what
> auth_sam.c does.  This gives us the on-the-wire user, used in the hash,
> "smb_name" and the mapped-to user "internal_username".
> In order for the authentication daemon to provide the same local auth
> support as smbd, all four of these variables need to be passed to it via
> wbc.

Hey Steven,

I've been thinking about this problem and I agree with your
explanation.  I looked at your patches.  I wish there was a way
to not munge the account so much before passing off (and thus
avoid the struct changes), but I can't really see any way around
it off hand (if you wan to support local user authentication ....
which based on comments from a few people at Samba XP, it seems
is a reasonable desire for winbindd).

- From a style PoV, I would have probably included the two new
char *'s at the top level and not created a new struct.  It should
be self-explanatory whether or not to use the original username/domain
based on the wbcAuthUserParams.level value and whether the pointer(s)
is (are) NULL.  Correct?

cheers, jerry
- --
http://git.plainjoe.org/                                         CODE
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba-technical mailing list