From b2d5dd7281805a25a86124d76dbc091fe12efff5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Sun, 20 Aug 2006 01:25:26 +0000
Subject: r17616: Add the lm and nt hashes to the cached credentials stored - only store the password if we're going to be doing a krb5 refresh. GD please review this change ! Now to add code to reference count the cached creds (to allow multiple pam_logon/pam_logoffs to keep the creds around), ensure that the cred cache is called on all successful pam_logons (if we have winbindd cache pam credentials = true, set this by default) and finally ensure the creds cache is changed on successful password change. GD - you *really* need to review this :-). Jeremy. (This used to be commit 017e7e14958d29246a1b221e33755bb91e96b08f)
---
 source3/nsswitch/winbindd_ccache_access.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'source3/nsswitch/winbindd_ccache_access.c')
diff --git a/source3/nsswitch/winbindd_ccache_access.c b/source3/nsswitch/winbindd_ccache_access.c
index 35d2cb4e51..6ac3942a8d 100644
--- a/source3/nsswitch/winbindd_ccache_access.c
+++ b/source3/nsswitch/winbindd_ccache_access.c
@@ -40,9 +40,10 @@ static BOOL client_can_access_ccache_entry(uid_t client_uid,
 return False;
 }
 
-static NTSTATUS do_ntlm_auth_with_password(const char *username,
+static NTSTATUS do_ntlm_auth_with_hashes(const char *username,
 const char *domain,
- const char *password,
+ const unsigned char lm_hash[LM_HASH_LEN],
+ const unsigned char nt_hash[NT_HASH_LEN],
 const DATA_BLOB initial_msg,
 const DATA_BLOB challenge_msg,
 DATA_BLOB *auth_msg)
@@ -75,10 +76,10 @@ static NTSTATUS do_ntlm_auth_with_password(const char *username,
 goto done;
 }
 
- status = ntlmssp_set_password(ntlmssp_state, password);
+ status = ntlmssp_set_hashes(ntlmssp_state, lm_hash, nt_hash);
 
 if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Could not set password: %s\n",
+ DEBUG(1, ("Could not set hashes: %s\n",
 nt_errstr(status)));
 goto done;
 }
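Review bot: The new `lm_hash` and `nt_hash` parameters of do_ntlm_auth_with_hashes have no comment stating their required length or how sensitive they are. An array bound in a parameter declaration is not enforced by the compiler, so `[LM_HASH_LEN]` and `[NT_HASH_LEN]` are documentation only and every caller has to pass buffers of at least that size. I would add a header comment above the signature such as `/* lm_hash and nt_hash are password-equivalent for NTLM: never log them; callers must pass full LM_HASH_LEN / NT_HASH_LEN buffers. */`. The function body continues outside this hunk.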
@@ -256,7 +257,8 @@ enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *doma
 if (!initial.data || !challenge.data) {
 result = NT_STATUS_NO_MEMORY;
 } else {
- result = do_ntlm_auth_with_password(name_user, name_domain, entry->pass,
+ result = do_ntlm_auth_with_hashes(name_user, name_domain,
+ entry->lm_hash, entry->nt_hash,
 initial, challenge, &auth);
 }
 
-- cgit
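Review bot: `entry->lm_hash` and `entry->nt_hash` are handed to do_ntlm_auth_with_hashes at this call with no visible check that the cached entry was populated with valid hashes, where the old code passed `entry->pass`. If an entry can be created without them (the code that fills the cache is outside this diff), the exchange would run on zeroed or stale bytes and fail in a way that is hard to diagnose, so a guard or a comment stating the invariant belongs here, e.g. `/* every cache entry carries lm_hash and nt_hash, set when the entry is created */`. Both hashes are sufficient by themselves for NTLM authentication, so the entry needs the same protection the plaintext password had: the client access check must still precede this call and the arrays should be wiped when the entry is freed, neither of which is visible in this hunk. The enclosing function starts and ends outside the hunk.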