Fixing libwbclient struct wbcAuthUserInfo

[Stefan (metze) Metzmacher]

Guenther Deschner schrieb:
> Steven Danneman wrote:
>>> Andrew Bartlett schrieb:
>>>> On Thu, 2009-05-28 at 10:28 +0200, Volker Lendecke wrote:
>>>>> On Thu, May 28, 2009 at 06:23:58PM +1000, Andrew Bartlett wrote:
>>>>>> I really, really want the NDR encoded 'info3' (actually, I want
>>>>>> level 6) transported intact between winbindd and Samba.  Going back
>>>>>> and forth via another structure is not only a pain, it is error
>>>>>> prone.  If we do this right, and Microsoft adds extra information
>>> in
>>>>>> the 'reserved' fields (or another level), then we simply pass on
>>> that information.
>>>>> The problem with NDR in the winbind pipe protocol is that it pulls
>>> in
>>>>> GPL code (the NDR base libs) into something that will be linked into
>>>>> pam_winbind and nss_winbind.
>>>> No, the NDR blob is passed to the caller for it to interpret.  It
>>>> remains opaque to wbclient and other users.
>>> Then we need a wbcAuthenticateUserEx2() and pass a wbcBlob list in and
>>> out. That way we could also pass the names for NTLMv2 via such blobs.
>>>
>>> metze
>>>
>> An In/Out blob list makes more sense, as if we're expecting info3/6 structures to come back through the interface, we should support sending the full SPNEGO blob into it.
> 
> Just wondering, wouldn't wbcLogonUser easily allow that already?
> 
> It already takes an array of wbcNamedBlobs in the [in]
> wbcLogonUserParams and can give back an array of wbcNamedBlobs on [out]
> via wbcLogonUserInfo.

I know, but I think we should not mix them, wbcLogonUser is for
logon a user to the local box. wbcAuthenticateUser is for doing just
authentication.

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090529/0cdb2974/signature.bin