Fixing libwbclient struct wbcAuthUserInfo

Steven Danneman steven.danneman at isilon.com
Thu May 28 22:00:11 GMT 2009


> Andrew Bartlett wrote:
> > On Thu, 2009-05-28 at 10:28 +0200, Volker Lendecke wrote:
> >> On Thu, May 28, 2009 at 06:23:58PM +1000, Andrew Bartlett wrote:
> >>> I really, really want the NDR encoded 'info3' (actually, I want
> >>> level 6) transported intact between winbindd and Samba.  Going back
> >>> and forth via another structure is not only a pain, it is error
> >>> prone.  If we do this right, and Microsoft adds extra information in
> >>> the 'reserved' fields (or another level), then we simply pass on
> >>> that information.
> >> The problem with NDR in the winbind pipe protocol is that it pulls in
> >> GPL code (the NDR base libs) into something that will be linked into
> >> pam_winbind and nss_winbind.
> >
> > No, the NDR blob is passed to the caller for it to interpret.  It
> > remains opaque to wbclient and other users.
> 
> Then we need a wbcAuthenticateUserEx2() and pass a wbcBlob list in and
> out. That way we could also pass the names for NTLMv2 via such blobs.
> 
> metze
> 

An In/Out blob list makes more sense, as if we're expecting info3/6 structures to come back through the interface, we should support sending the full SPNEGO blob into it.

Kai can you submit your proposed patch to the list when you've come up with it?

The GPL issue is annoying, because the interface would be much more intuitive if we specified the Microsoft structures within the calls themselves, thus marshalling the NDR inside of wbc.  

The wbclient interface is used by Samba and Likewise for sure.  Since the library was shipped in 3.2, we could expect that other programs have utilized it.  I'm guessing Simo uses it in his SSSD code.  So while it's not widely deployed it is in the wild.  There's usually an expectation that later versions of a protocol library are at least compatible with previous versions.

If we have to add an Ex2 function, I'd like to put enough thought into it to avoid an Ex3, 4, 5 and 6 :)

-Steven


More information about the samba-technical mailing list