diff options
author | Volker Lendecke <vl@samba.org> | 2010-01-24 16:47:24 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-01-24 20:32:17 +0100 |
commit | ff0274c519c036c28b70efbb8bf823347c91eb96 (patch) | |
tree | efc0921a13f71d3eeb46ba2350856b5631502951 | |
parent | e879b50b32a86ca4392147ab5473766f74a61118 (diff) | |
download | samba-ff0274c519c036c28b70efbb8bf823347c91eb96.tar.gz samba-ff0274c519c036c28b70efbb8bf823347c91eb96.tar.bz2 samba-ff0274c519c036c28b70efbb8bf823347c91eb96.zip |
s3: Add NTLMSSP_FEATURE_CCACHE
Uses the winbind ccache to do authentication if asked to do so
-rw-r--r-- | source3/Makefile.in | 16 | ||||
-rw-r--r-- | source3/include/ntlmssp.h | 2 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp.c | 60 |
3 files changed, 73 insertions, 5 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index f87cb88801..9d67b449d0 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1558,9 +1558,10 @@ bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) $(LIBTALLOC) $(LIBTDB) $(LIBWBCL $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) -bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) +bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \ + @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(ZLIB_LIBS) @@ -1597,9 +1598,10 @@ bin/profiles@EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ $(LIBTALLOC @$(CC) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \ $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) -bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) +bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \ + @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @@ -1686,10 +1688,11 @@ bin/smbconftort@EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) -bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) +bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \ $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \ + @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) bin/msgtest@EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) @@ -1720,10 +1723,11 @@ bin/sharesec@EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ $(LIBTALLOC @$(CC) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) \ $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) -bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) +bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \ $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \ + @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @@ -1755,9 +1759,10 @@ bin/log2pcap@EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ $(LIBTALLOC @$(CC) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) \ $(POPT_LIBS) $(LIBS) $(LIBTALLOC_LIBS) -bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) +bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @echo Linking $@ @$(CC) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) \ + @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) @@ -1770,6 +1775,7 @@ bin/smbfilter@EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ $(LIBTALL @echo Linking $@ @$(CC) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \ $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \ + @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index d3de59835f..31b614fb54 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -40,6 +40,7 @@ enum ntlmssp_message_type #define NTLMSSP_FEATURE_SESSION_KEY 0x00000001 #define NTLMSSP_FEATURE_SIGN 0x00000002 #define NTLMSSP_FEATURE_SEAL 0x00000004 +#define NTLMSSP_FEATURE_CCACHE 0x00000008 struct ntlmssp_state { @@ -49,6 +50,7 @@ struct ntlmssp_state bool unicode; bool use_ntlmv2; + bool use_ccache; char *user; char *domain; char *workstation; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 1d20ee5026..8a5b7ac5c4 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -245,6 +245,9 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) { + ntlmssp_state->use_ccache = true; + } } /** @@ -265,6 +268,9 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature) if (feature & NTLMSSP_FEATURE_SEAL) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + if (feature & NTLMSSP_FEATURE_CCACHE) { + ntlmssp_state->use_ccache = true; + } } /** @@ -992,6 +998,58 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, struct CHALLENGE_MESSAGE challenge; struct AUTHENTICATE_MESSAGE authenticate; + if (ntlmssp_state->use_ccache) { + struct wbcCredentialCacheParams params; + struct wbcCredentialCacheInfo *info = NULL; + struct wbcAuthErrorInfo *error = NULL; + struct wbcNamedBlob auth_blob; + struct wbcBlob *wbc_next = NULL; + struct wbcBlob *wbc_session_key = NULL; + wbcErr wbc_status; + int i; + + params.account_name = ntlmssp_state->user; + params.domain_name = ntlmssp_state->domain; + params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP; + + auth_blob.name = "challenge_blob"; + auth_blob.flags = 0; + auth_blob.blob.data = reply.data; + auth_blob.blob.length = reply.length; + params.num_blobs = 1; + params.blobs = &auth_blob; + + wbc_status = wbcCredentialCache(¶ms, &info, &error); + if (error != NULL) { + wbcFreeMemory(error); + } + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto noccache; + } + + for (i=0; i<info->num_blobs; i++) { + if (strequal(info->blobs[i].name, "auth_blob")) { + wbc_next = &info->blobs[i].blob; + } + if (strequal(info->blobs[i].name, "session_key")) { + wbc_session_key = &info->blobs[i].blob; + } + } + if ((wbc_next == NULL) || (wbc_session_key == NULL)) { + wbcFreeMemory(info); + goto noccache; + } + + *next_request = data_blob(wbc_next->data, wbc_next->length); + ntlmssp_state->session_key = data_blob( + wbc_session_key->data, wbc_session_key->length); + + wbcFreeMemory(info); + goto done; + } + +noccache: + if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", "NTLMSSP", &ntlmssp_command, @@ -1203,6 +1261,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->lm_resp = lm_response; ntlmssp_state->nt_resp = nt_response; +done: + ntlmssp_state->expected_state = NTLMSSP_DONE; if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) { |