summaryrefslogtreecommitdiff
path: root/source3/libsmb
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-01-24 16:47:24 +0100
committerVolker Lendecke <vl@samba.org>2010-01-24 20:32:17 +0100
commitff0274c519c036c28b70efbb8bf823347c91eb96 (patch)
treeefc0921a13f71d3eeb46ba2350856b5631502951 /source3/libsmb
parente879b50b32a86ca4392147ab5473766f74a61118 (diff)
downloadsamba-ff0274c519c036c28b70efbb8bf823347c91eb96.tar.gz
samba-ff0274c519c036c28b70efbb8bf823347c91eb96.tar.bz2
samba-ff0274c519c036c28b70efbb8bf823347c91eb96.zip
s3: Add NTLMSSP_FEATURE_CCACHE
Uses the winbind ccache to do authentication if asked to do so
Diffstat (limited to 'source3/libsmb')
-rw-r--r--source3/libsmb/ntlmssp.c60
1 files changed, 60 insertions, 0 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1d20ee5026..8a5b7ac5c4 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -245,6 +245,9 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) {
+ ntlmssp_state->use_ccache = true;
+ }
}
/**
@@ -265,6 +268,9 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
if (feature & NTLMSSP_FEATURE_SEAL) {
ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
}
+ if (feature & NTLMSSP_FEATURE_CCACHE) {
+ ntlmssp_state->use_ccache = true;
+ }
}
/**
@@ -992,6 +998,58 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
struct CHALLENGE_MESSAGE challenge;
struct AUTHENTICATE_MESSAGE authenticate;
+ if (ntlmssp_state->use_ccache) {
+ struct wbcCredentialCacheParams params;
+ struct wbcCredentialCacheInfo *info = NULL;
+ struct wbcAuthErrorInfo *error = NULL;
+ struct wbcNamedBlob auth_blob;
+ struct wbcBlob *wbc_next = NULL;
+ struct wbcBlob *wbc_session_key = NULL;
+ wbcErr wbc_status;
+ int i;
+
+ params.account_name = ntlmssp_state->user;
+ params.domain_name = ntlmssp_state->domain;
+ params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP;
+
+ auth_blob.name = "challenge_blob";
+ auth_blob.flags = 0;
+ auth_blob.blob.data = reply.data;
+ auth_blob.blob.length = reply.length;
+ params.num_blobs = 1;
+ params.blobs = &auth_blob;
+
+ wbc_status = wbcCredentialCache(&params, &info, &error);
+ if (error != NULL) {
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto noccache;
+ }
+
+ for (i=0; i<info->num_blobs; i++) {
+ if (strequal(info->blobs[i].name, "auth_blob")) {
+ wbc_next = &info->blobs[i].blob;
+ }
+ if (strequal(info->blobs[i].name, "session_key")) {
+ wbc_session_key = &info->blobs[i].blob;
+ }
+ }
+ if ((wbc_next == NULL) || (wbc_session_key == NULL)) {
+ wbcFreeMemory(info);
+ goto noccache;
+ }
+
+ *next_request = data_blob(wbc_next->data, wbc_next->length);
+ ntlmssp_state->session_key = data_blob(
+ wbc_session_key->data, wbc_session_key->length);
+
+ wbcFreeMemory(info);
+ goto done;
+ }
+
+noccache:
+
if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
"NTLMSSP",
&ntlmssp_command,
@@ -1203,6 +1261,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
ntlmssp_state->lm_resp = lm_response;
ntlmssp_state->nt_resp = nt_response;
+done:
+
ntlmssp_state->expected_state = NTLMSSP_DONE;
if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {