diff options
author | Jeremy Allison <jra@samba.org> | 2006-08-20 01:25:26 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:38:43 -0500 |
commit | b2d5dd7281805a25a86124d76dbc091fe12efff5 (patch) | |
tree | afe2de67ddf4e2a57d16fbe7162bf21193b1ea61 /source3/nsswitch/winbindd_ccache_access.c | |
parent | ffa590854ab5f2563c3398ae9ae3182e6abe3f82 (diff) | |
download | samba-b2d5dd7281805a25a86124d76dbc091fe12efff5.tar.gz samba-b2d5dd7281805a25a86124d76dbc091fe12efff5.tar.bz2 samba-b2d5dd7281805a25a86124d76dbc091fe12efff5.zip |
r17616: Add the lm and nt hashes to the cached credentials
stored - only store the password if we're going to
be doing a krb5 refresh. GD please review this change !
Now to add code to reference count the cached creds
(to allow multiple pam_logon/pam_logoffs to keep the
creds around), ensure that the cred cache is called
on all successful pam_logons (if we have winbindd cache
pam credentials = true, set this by default) and finally
ensure the creds cache is changed on successful password
change. GD - you *really* need to review this :-).
Jeremy.
(This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
Diffstat (limited to 'source3/nsswitch/winbindd_ccache_access.c')
-rw-r--r-- | source3/nsswitch/winbindd_ccache_access.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/source3/nsswitch/winbindd_ccache_access.c b/source3/nsswitch/winbindd_ccache_access.c index 35d2cb4e51..6ac3942a8d 100644 --- a/source3/nsswitch/winbindd_ccache_access.c +++ b/source3/nsswitch/winbindd_ccache_access.c @@ -40,9 +40,10 @@ static BOOL client_can_access_ccache_entry(uid_t client_uid, return False; } -static NTSTATUS do_ntlm_auth_with_password(const char *username, +static NTSTATUS do_ntlm_auth_with_hashes(const char *username, const char *domain, - const char *password, + const unsigned char lm_hash[LM_HASH_LEN], + const unsigned char nt_hash[NT_HASH_LEN], const DATA_BLOB initial_msg, const DATA_BLOB challenge_msg, DATA_BLOB *auth_msg) @@ -75,10 +76,10 @@ static NTSTATUS do_ntlm_auth_with_password(const char *username, goto done; } - status = ntlmssp_set_password(ntlmssp_state, password); + status = ntlmssp_set_hashes(ntlmssp_state, lm_hash, nt_hash); if (!NT_STATUS_IS_OK(status)) { - DEBUG(1, ("Could not set password: %s\n", + DEBUG(1, ("Could not set hashes: %s\n", nt_errstr(status))); goto done; } @@ -256,7 +257,8 @@ enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *doma if (!initial.data || !challenge.data) { result = NT_STATUS_NO_MEMORY; } else { - result = do_ntlm_auth_with_password(name_user, name_domain, entry->pass, + result = do_ntlm_auth_with_hashes(name_user, name_domain, + entry->lm_hash, entry->nt_hash, initial, challenge, &auth); } |