authorVolker Lendecke <vl@samba.org>2010-01-24 16:47:24 +0100
committerVolker Lendecke <vl@samba.org>2010-01-24 20:32:17 +0100
commitff0274c519c036c28b70efbb8bf823347c91eb96 (patch)
treeefc0921a13f71d3eeb46ba2350856b5631502951
parente879b50b32a86ca4392147ab5473766f74a61118 (diff)
s3: Add NTLMSSP_FEATURE_CCACHE
Uses the winbind ccache to do authentication if asked to do so
-rw-r--r--source3/Makefile.in16
-rw-r--r--source3/include/ntlmssp.h2
-rw-r--r--source3/libsmb/ntlmssp.c60
3 files changed, 73 insertions, 5 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index f87cb88801..9d67b449d0 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1558,9 +1558,10 @@ bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) $(LIBTALLOC) $(LIBTDB) $(LIBWBCL
$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
-bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(ZLIB_LIBS)
@@ -1597,9 +1598,10 @@ bin/profiles@EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ)
@@ -1686,10 +1688,11 @@ bin/smbconftort@EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
$(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/msgtest@EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
@@ -1720,10 +1723,11 @@ bin/sharesec@EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ)
@@ -1755,9 +1759,10 @@ bin/log2pcap@EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) \
$(POPT_LIBS) $(LIBS) $(LIBTALLOC_LIBS)
-bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
@@ -1770,6 +1775,7 @@ bin/smbfilter@EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ $(LIBTALL
@echo Linking $@
@$(CC) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index d3de59835f..31b614fb54 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -40,6 +40,7 @@ enum ntlmssp_message_type
#define NTLMSSP_FEATURE_SESSION_KEY 0x00000001
#define NTLMSSP_FEATURE_SIGN 0x00000002
#define NTLMSSP_FEATURE_SEAL 0x00000004
+#define NTLMSSP_FEATURE_CCACHE 0x00000008
struct ntlmssp_state
{
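Review bot: NTLMSSP_FEATURE_CCACHE is added without a comment, although it behaves differently from the flag next to it: the ntlmssp.c hunks show NTLMSSP_FEATURE_SEAL setting NTLMSSP_NEGOTIATE_SEAL in neg_flags, while the new flag only sets `use_ccache`. A short comment on the define, for example `/* Local behaviour only: take the response and session key from the winbind credential cache; nothing is negotiated on the wire */`, would keep callers from reading it as a protocol feature. The new `use_ccache` member in the second hunk of this file deserves the same one-line explanation, including that the code falls back to the normal path when winbind cannot answer.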
@@ -49,6 +50,7 @@ struct ntlmssp_state
bool unicode;
bool use_ntlmv2;
+ bool use_ccache;
char *user;
char *domain;
char *workstation;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1d20ee5026..8a5b7ac5c4 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -245,6 +245,9 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) {
+ ntlmssp_state->use_ccache = true;
+ }
}
/**
@@ -265,6 +268,9 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
if (feature & NTLMSSP_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ if (feature & NTLMSSP_FEATURE_CCACHE) {
+ ntlmssp_state->use_ccache = true;
+ }
}
/**
@@ -992,6 +998,58 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
struct CHALLENGE_MESSAGE challenge;
struct AUTHENTICATE_MESSAGE authenticate;
+ if (ntlmssp_state->use_ccache) {
+ struct wbcCredentialCacheParams params;
+ struct wbcCredentialCacheInfo *info = NULL;
+ struct wbcAuthErrorInfo *error = NULL;
+ struct wbcNamedBlob auth_blob;
+ struct wbcBlob *wbc_next = NULL;
+ struct wbcBlob *wbc_session_key = NULL;
+ wbcErr wbc_status;
+ int i;
+
+ params.account_name = ntlmssp_state->user;
+ params.domain_name = ntlmssp_state->domain;
+ params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP;
+
+ auth_blob.name = "challenge_blob";
+ auth_blob.flags = 0;
+ auth_blob.blob.data = reply.data;
+ auth_blob.blob.length = reply.length;
+ params.num_blobs = 1;
+ params.blobs = &auth_blob;
+
+ wbc_status = wbcCredentialCache(&params, &info, &error);
+ if (error != NULL) {
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto noccache;
+ }
+
+ for (i=0; i<info->num_blobs; i++) {
+ if (strequal(info->blobs[i].name, "auth_blob")) {
+ wbc_next = &info->blobs[i].blob;
+ }
+ if (strequal(info->blobs[i].name, "session_key")) {
+ wbc_session_key = &info->blobs[i].blob;
+ }
+ }
+ if ((wbc_next == NULL) || (wbc_session_key == NULL)) {
+ wbcFreeMemory(info);
+ goto noccache;
+ }
+
+ *next_request = data_blob(wbc_next->data, wbc_next->length);
+ ntlmssp_state->session_key = data_blob(
+ wbc_session_key->data, wbc_session_key->length);
+
+ wbcFreeMemory(info);
+ goto done;
+ }
+
+noccache:
+
if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
"NTLMSSP",
&ntlmssp_command,
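Review bot: The two data_blob() copies at the end of the use_ccache branch are never checked, so a failed copy or a zero-length blob from winbind still takes `goto done` with an empty *next_request or session key. Check both blobs before jumping and return NT_STATUS_NO_MEMORY instead, as sketched below. Separately, every failure in this branch drops to `noccache` and continues on the password-based path without a log line, and the wbcAuthErrorInfo is freed unread; a DEBUG message before the fallback would make it visible that the cached credentials were not used. The branch also skips the msrpc_parse of the challenge, so it is worth confirming that neg_flags still reflect what was negotiated when ntlmssp_sign_init runs after `done:`. ntlmssp_client_challenge starts and ends outside this hunk.

```c
		/* … unchanged: wbcCredentialCache call, blob lookup and the two data_blob() copies … */
		wbcFreeMemory(info);

		/* An empty blob here means the copy failed or winbind returned no data. */
		if ((next_request->data == NULL) ||
		    (ntlmssp_state->session_key.data == NULL)) {
			data_blob_free(next_request);
			data_blob_free(&ntlmssp_state->session_key);
			return NT_STATUS_NO_MEMORY;
		}
		goto done;
```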
@@ -1203,6 +1261,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->lm_resp = lm_response;
ntlmssp_state->nt_resp = nt_response;
+done:
+
ntlmssp_state->expected_state = NTLMSSP_DONE;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {