Fixing libwbclient struct wbcAuthUserInfo

Guenther Deschner gd at
Thu May 28 22:17:12 GMT 2009

Hash: SHA1

Steven Danneman wrote:
>> Andrew Bartlett schrieb:
>>> On Thu, 2009-05-28 at 10:28 +0200, Volker Lendecke wrote:
>>>> On Thu, May 28, 2009 at 06:23:58PM +1000, Andrew Bartlett wrote:
>>>>> I really, really want the NDR encoded 'info3' (actually, I want
>>>>> level 6) transported intact between winbindd and Samba.  Going back
>>>>> and forth via another structure is not only a pain, it is error
>>>>> prone.  If we do this right, and Microsoft adds extra information
>> in
>>>>> the 'reserved' fields (or another level), then we simply pass on
>> that information.
>>>> The problem with NDR in the winbind pipe protocol is that it pulls
>> in
>>>> GPL code (the NDR base libs) into something that will be linked into
>>>> pam_winbind and nss_winbind.
>>> No, the NDR blob is passed to the caller for it to interpret.  It
>>> remains opaque to wbclient and other users.
>> Then we need a wbcAuthenticateUserEx2() and pass a wbcBlob list in and
>> out. That way we could also pass the names for NTLMv2 via such blobs.
>> metze
> An In/Out blob list makes more sense, as if we're expecting info3/6 structures to come back through the interface, we should support sending the full SPNEGO blob into it.

Just wondering, wouldn't wbcLogonUser easily allow that already?

It already takes an array of wbcNamedBlobs in the [in]
wbcLogonUserParams and can give back an array of wbcNamedBlobs on [out]
via wbcLogonUserInfo.


- --
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at
Samba Team                              gd at
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -


More information about the samba-technical mailing list