Fixing libwbclient struct wbcAuthUserInfo
Stefan (metze) Metzmacher
metze at samba.org
Fri May 29 08:13:17 GMT 2009
Guenther Deschner schrieb:
> Steven Danneman wrote:
>>> Andrew Bartlett schrieb:
>>>> On Thu, 2009-05-28 at 10:28 +0200, Volker Lendecke wrote:
>>>>> On Thu, May 28, 2009 at 06:23:58PM +1000, Andrew Bartlett wrote:
>>>>>> I really, really want the NDR encoded 'info3' (actually, I want
>>>>>> level 6) transported intact between winbindd and Samba. Going back
>>>>>> and forth via another structure is not only a pain, it is error
>>>>>> prone. If we do this right, and Microsoft adds extra information
>>>>>> the 'reserved' fields (or another level), then we simply pass on
>>> that information.
>>>>> The problem with NDR in the winbind pipe protocol is that it pulls
>>>>> GPL code (the NDR base libs) into something that will be linked into
>>>>> pam_winbind and nss_winbind.
>>>> No, the NDR blob is passed to the caller for it to interpret. It
>>>> remains opaque to wbclient and other users.
>>> Then we need a wbcAuthenticateUserEx2() and pass a wbcBlob list in and
>>> out. That way we could also pass the names for NTLMv2 via such blobs.
>> An In/Out blob list makes more sense, as if we're expecting info3/6 structures to come back through the interface, we should support sending the full SPNEGO blob into it.
> Just wondering, wouldn't wbcLogonUser easily allow that already?
> It already takes an array of wbcNamedBlobs in the [in]
> wbcLogonUserParams and can give back an array of wbcNamedBlobs on [out]
> via wbcLogonUserInfo.
I know, but I think we should not mix them, wbcLogonUser is for
logon a user to the local box. wbcAuthenticateUser is for doing just
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090529/0cdb2974/signature.bin
More information about the samba-technical