[PATCH]: wbc: expand wbcAuthUserParams to pass alternate
domain\user
Gerald Carter
jerry at plainjoe.org
Tue May 19 20:25:23 GMT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steven Danneman wrote:
> Authenticating a local user outside of smbd is different. The
> on-the-wire domain name may be the client's machine name, or it may be
> an empty string (Vista sends this). smbd in make_user_info_map(),
> converts this to the SAM name of the server. So we now have
> "client_domain" and "domain" respectively. Username mapping, for local
> users, is done pre-authentication so that the mapped-to user and
> password will be used in the authentication checks. This is what
> auth_sam.c does. This gives us the on-the-wire user, used in the hash,
> "smb_name" and the mapped-to user "internal_username".
>
> In order for the authentication daemon to provide the same local auth
> support as smbd, all four of these variables need to be passed to it via
> wbc.
Hey Steven,
I've been thinking about this problem and I agree with your
explanation. I looked at your patches. I wish there was a way
to not munge the account so much before passing off (and thus
avoid the struct changes), but I can't really see any way around
it off hand (if you wan to support local user authentication ....
which based on comments from a few people at Samba XP, it seems
is a reasonable desire for winbindd).
- From a style PoV, I would have probably included the two new
char *'s at the top level and not created a new struct. It should
be self-explanatory whether or not to use the original username/domain
based on the wbcAuthUserParams.level value and whether the pointer(s)
is (are) NULL. Correct?
cheers, jerry
- --
=====================================================================
http://git.plainjoe.org/ CODE
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFKExWoIR7qMdg1EfYRAuQMAJ0f7ikZSaAQ1ywagGfZ6D1nd/hDQACgk3BV
NtjfgTgAHR9fSrvAMZTIRdc=
=V27W
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list