diff options
| author | Jeremy Allison <jra@samba.org> | 2006-08-19 01:04:54 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:38:43 -0500 |
| commit | b41e14abfdc7301d5ae26ad95c031aa36c190fc8 (patch) | |
| tree | 132c80c91e9ac1a43da7584b48a4a8218a20b9f1 /source3/nsswitch/winbindd_nss.h | |
| parent | 986461b6be03eefd3bd9d9c5f5921e14189813b2 (diff) | |
| download | samba-b41e14abfdc7301d5ae26ad95c031aa36c190fc8.tar.gz samba-b41e14abfdc7301d5ae26ad95c031aa36c190fc8.tar.bz2 samba-b41e14abfdc7301d5ae26ad95c031aa36c190fc8.zip | |
r17610: Added the ability for firefox to drive the winbindd
ntlm_auth module to allow it to use winbindd cached
credentials.The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
(This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
Diffstat (limited to 'source3/nsswitch/winbindd_nss.h')
| -rw-r--r-- | source3/nsswitch/winbindd_nss.h | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h index 4a95a3cf42..b19026b4db 100644 --- a/source3/nsswitch/winbindd_nss.h +++ b/source3/nsswitch/winbindd_nss.h @@ -35,7 +35,7 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 16 +#define WINBIND_INTERFACE_VERSION 17 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment. On a 64bit Linux box, we have to support a constant structure size @@ -153,6 +153,10 @@ enum winbindd_cmd { WINBINDD_DUAL_USERINFO, WINBINDD_DUAL_GETSIDALIASES, + /* Complete the challenge phase of the NTLM authentication + protocol using cached password. */ + WINBINDD_CCACHE_NTLMAUTH, + WINBINDD_NUM_CMDS }; @@ -292,8 +296,21 @@ struct winbindd_request { } dual_idmapset; BOOL list_all_domains; + struct { + uid_t uid; + fstring user; + /* the effective uid of the client, must be the uid for 'user'. + This is checked by the main daemon, trusted by children. */ + /* if the blobs are length zero, then this doesn't + produce an actual challenge response. It merely + succeeds if there are cached credentials available + that could be used. */ + uint32 initial_blob_len; /* blobs in extra_data */ + uint32 challenge_blob_len; + } ccache_ntlm_auth; + /* padding -- needed to fix alignment between 32bit and 64bit libs. - The size if the sizeof the union without the padding aligned on + The size is the sizeof the union without the padding aligned on an 8 byte boundary. --jerry */ char padding[1560]; @@ -426,6 +443,9 @@ struct winbindd_response { fstring shell; uint32 group_rid; } user_info; + struct { + uint32 auth_blob_len; /* blob in extra_data */ + } ccache_ntlm_auth; } data; /* Variable length return data */ |