diff options
author | Volker Lendecke <vl@samba.org> | 2010-01-24 16:47:24 +0100 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-01-24 20:32:17 +0100 |
commit | ff0274c519c036c28b70efbb8bf823347c91eb96 (patch) | |
tree | efc0921a13f71d3eeb46ba2350856b5631502951 /source3/libsmb | |
parent | e879b50b32a86ca4392147ab5473766f74a61118 (diff) | |
download | samba-ff0274c519c036c28b70efbb8bf823347c91eb96.tar.gz samba-ff0274c519c036c28b70efbb8bf823347c91eb96.tar.bz2 samba-ff0274c519c036c28b70efbb8bf823347c91eb96.zip |
s3: Add NTLMSSP_FEATURE_CCACHE
Uses the winbind ccache to do authentication if asked to do so
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/ntlmssp.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index 1d20ee5026..8a5b7ac5c4 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -245,6 +245,9 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) { + ntlmssp_state->use_ccache = true; + } } /** @@ -265,6 +268,9 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature) if (feature & NTLMSSP_FEATURE_SEAL) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } + if (feature & NTLMSSP_FEATURE_CCACHE) { + ntlmssp_state->use_ccache = true; + } } /** @@ -992,6 +998,58 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, struct CHALLENGE_MESSAGE challenge; struct AUTHENTICATE_MESSAGE authenticate; + if (ntlmssp_state->use_ccache) { + struct wbcCredentialCacheParams params; + struct wbcCredentialCacheInfo *info = NULL; + struct wbcAuthErrorInfo *error = NULL; + struct wbcNamedBlob auth_blob; + struct wbcBlob *wbc_next = NULL; + struct wbcBlob *wbc_session_key = NULL; + wbcErr wbc_status; + int i; + + params.account_name = ntlmssp_state->user; + params.domain_name = ntlmssp_state->domain; + params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP; + + auth_blob.name = "challenge_blob"; + auth_blob.flags = 0; + auth_blob.blob.data = reply.data; + auth_blob.blob.length = reply.length; + params.num_blobs = 1; + params.blobs = &auth_blob; + + wbc_status = wbcCredentialCache(¶ms, &info, &error); + if (error != NULL) { + wbcFreeMemory(error); + } + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto noccache; + } + + for (i=0; i<info->num_blobs; i++) { + if (strequal(info->blobs[i].name, "auth_blob")) { + wbc_next = &info->blobs[i].blob; + } + if (strequal(info->blobs[i].name, "session_key")) { + wbc_session_key = &info->blobs[i].blob; + } + } + if ((wbc_next == NULL) || (wbc_session_key == NULL)) { + wbcFreeMemory(info); + goto noccache; + } + + *next_request = data_blob(wbc_next->data, wbc_next->length); + ntlmssp_state->session_key = data_blob( + wbc_session_key->data, wbc_session_key->length); + + wbcFreeMemory(info); + goto done; + } + +noccache: + if (!msrpc_parse(ntlmssp_state, &reply, "CdBd", "NTLMSSP", &ntlmssp_command, @@ -1203,6 +1261,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->lm_resp = lm_response; ntlmssp_state->nt_resp = nt_response; +done: + ntlmssp_state->expected_state = NTLMSSP_DONE; if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) { |