« Return to Thread: libwbclient - wbcLogoffUser() & wbcLookupDomainController
Re: libwbclient - wbcLogoffUser() & wbcLookupDomainController
by Stefan (metze) Metzmacher
::
Rate this Message:
Hi Jerry,
here're some comments about the design of the new calls.
However see also my next mail about deferring all this...
> 1. wbcErr wbcLogoffUser(const char *username,
> const char *ccfilename);
>
> Some explanations. There is no current LogonUser pipe call.
> This is implicit in the Authenticate call. So I've not added
> a wbcLogonUser().
This is not true, wbcAuthenticateUserEx() doesn't provide the ability
to handle local logons as needed by pam_winbind and it should not.
I think we should have a wbcLogonUser() and pam_winbind should be able
to use it later (in v3-3).
I'm not yet sure about the prototype of wbcLogonUser()...
...but I think we should use arrays of a structure like this:
struct {
const char *name;
bool critical;
struct {
uint32_t length;
uint8_t *data;
} value;
}
to pass extra data, e.g. needed for AFS krb5 logons in and out
of wbcLogonUser().
> I debated dropping the cred cache pathood
> and having the library look up the default. This might still
> be a good idea to help relieve the burden on the application
> developer. But it can bet set to NULL to it's not that bad.
I think the wbcLogoffUser() call should also get the uid.
I think we can skip the ccache filename, as it's produced by the LOGON
call, so winbind should be able to reproduce it.
>
> 2. wbcErr wbcLookupDomainController(const char *domain,
> struct wbcDomainControllerInfo *dc_info);
>
>
> Comments?
Something like this looks good, but maybe we need an uint32_t flags as
input? Günther, you may have some additional comments here? Maybe we
should return the same as what we will store in gencache...
metze
here're some comments about the design of the new calls.
However see also my next mail about deferring all this...
> 1. wbcErr wbcLogoffUser(const char *username,
> const char *ccfilename);
>
> Some explanations. There is no current LogonUser pipe call.
> This is implicit in the Authenticate call. So I've not added
> a wbcLogonUser().
This is not true, wbcAuthenticateUserEx() doesn't provide the ability
to handle local logons as needed by pam_winbind and it should not.
I think we should have a wbcLogonUser() and pam_winbind should be able
to use it later (in v3-3).
I'm not yet sure about the prototype of wbcLogonUser()...
...but I think we should use arrays of a structure like this:
struct {
const char *name;
bool critical;
struct {
uint32_t length;
uint8_t *data;
} value;
}
to pass extra data, e.g. needed for AFS krb5 logons in and out
of wbcLogonUser().
> I debated dropping the cred cache pathood
> and having the library look up the default. This might still
> be a good idea to help relieve the burden on the application
> developer. But it can bet set to NULL to it's not that bad.
I think the wbcLogoffUser() call should also get the uid.
I think we can skip the ccache filename, as it's produced by the LOGON
call, so winbind should be able to reproduce it.
>
> 2. wbcErr wbcLookupDomainController(const char *domain,
> struct wbcDomainControllerInfo *dc_info);
>
>
> Comments?
Something like this looks good, but maybe we need an uint32_t flags as
input? Günther, you may have some additional comments here? Maybe we
should return the same as what we will store in gencache...
metze
signature.asc (257 bytes) « Return to Thread: libwbclient - wbcLogoffUser() & wbcLookupDomainController
| Free Forum Powered by Nabble | Forum Help |