From ff0274c519c036c28b70efbb8bf823347c91eb96 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Sun, 24 Jan 2010 16:47:24 +0100
Subject: s3: Add NTLMSSP_FEATURE_CCACHE Uses the winbind ccache to do authentication if asked to do so
---
 source3/Makefile.in | 16 +++++++++----
 source3/include/ntlmssp.h | 2 ++
 source3/libsmb/ntlmssp.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 5 deletions(-)
(limited to 'source3')
diff --git a/source3/Makefile.in b/source3/Makefile.in
index f87cb88801..9d67b449d0 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1558,9 +1558,10 @@ bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) $(LIBTALLOC) $(LIBTDB) $(LIBWBCL
 $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
-bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
 @echo Linking $@
 @$(CC) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \
 $(KRB5LIBS) $(LDAP_LIBS) $(ZLIB_LIBS)
@@ -1597,9 +1598,10 @@ bin/profiles@EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ $(LIBTALLOC
 @$(CC) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
 @echo Linking $@
 @$(CC) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
 $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
 bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ)
@@ -1686,10 +1688,11 @@ bin/smbconftort@EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
 $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
 @echo Linking $@
 @$(CC) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
 $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
 bin/msgtest@EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
@@ -1720,10 +1723,11 @@ bin/sharesec@EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ $(LIBTALLOC
 @$(CC) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) \
 $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
 @echo Linking $@
 @$(CC) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
 $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
 bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ)
@@ -1755,9 +1759,10 @@ bin/log2pcap@EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ $(LIBTALLOC
 @$(CC) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) \
 $(POPT_LIBS) $(LIBS) $(LIBTALLOC_LIBS)
-bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
+bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
 @echo Linking $@
 @$(CC) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
 $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
@@ -1770,6 +1775,7 @@ bin/smbfilter@EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ $(LIBTALL
 @echo Linking $@
 @$(CC) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \
 $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
 $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
 bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index d3de59835f..31b614fb54 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -40,6 +40,7 @@ enum ntlmssp_message_type
 #define NTLMSSP_FEATURE_SESSION_KEY 0x00000001
 #define NTLMSSP_FEATURE_SIGN 0x00000002
 #define NTLMSSP_FEATURE_SEAL 0x00000004
+#define NTLMSSP_FEATURE_CCACHE 0x00000008
 struct ntlmssp_state
 {
@@ -49,6 +50,7 @@ struct ntlmssp_state
 bool unicode;
 bool use_ntlmv2;
+ bool use_ccache;
 char *user;
 char *domain;
 char *workstation;
diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c
index 1d20ee5026..8a5b7ac5c4 100644
--- a/source3/libsmb/ntlmssp.c
+++ b/source3/libsmb/ntlmssp.c
@@ -245,6 +245,9 @@ void ntlmssp_want_feature_list(struct ntlmssp_state *ntlmssp_state, char *featur
 if(in_list("NTLMSSP_FEATURE_SEAL", feature_list, True)) {
 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 }
+ if (in_list("NTLMSSP_FEATURE_CCACHE", feature_list, true)) {
+ ntlmssp_state->use_ccache = true;
+ }
 }
 /**
@@ -265,6 +268,9 @@ void ntlmssp_want_feature(struct ntlmssp_state *ntlmssp_state, uint32 feature)
 if (feature & NTLMSSP_FEATURE_SEAL) {
 ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL;
 }
+ if (feature & NTLMSSP_FEATURE_CCACHE) {
+ ntlmssp_state->use_ccache = true;
+ }
 }
 /**
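Review bot: `NTLMSSP_FEATURE_CCACHE` in source3/include/ntlmssp.h shares a bit space with the three feature flags above it, but neither the define nor the new `use_ccache` member says that it behaves differently. In the ntlmssp.c hunks of this patch the existing flags set bits in `neg_flags`, while this one only flips a local switch. A short comment on each would help, for example `/* let winbind's credential cache build the AUTHENTICATE message; local switch, not a negotiate flag */` on the define and `/* set via NTLMSSP_FEATURE_CCACHE; read in ntlmssp_client_challenge() */` on the field. The struct definition continues outside the hunk.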
@@ -992,6 +998,58 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
 struct CHALLENGE_MESSAGE challenge;
 struct AUTHENTICATE_MESSAGE authenticate;
+ if (ntlmssp_state->use_ccache) {
+ struct wbcCredentialCacheParams params;
+ struct wbcCredentialCacheInfo *info = NULL;
+ struct wbcAuthErrorInfo *error = NULL;
+ struct wbcNamedBlob auth_blob;
+ struct wbcBlob *wbc_next = NULL;
+ struct wbcBlob *wbc_session_key = NULL;
+ wbcErr wbc_status;
+ int i;
+
+ params.account_name = ntlmssp_state->user;
+ params.domain_name = ntlmssp_state->domain;
+ params.level = WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP;
+
+ auth_blob.name = "challenge_blob";
+ auth_blob.flags = 0;
+ auth_blob.blob.data = reply.data;
+ auth_blob.blob.length = reply.length;
+ params.num_blobs = 1;
+ params.blobs = &auth_blob;
+
+ wbc_status = wbcCredentialCache(¶ms, &info, &error);
+ if (error != NULL) {
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ goto noccache;
+ }
+
+ for (i=0; inum_blobs; i++) {
+ if (strequal(info->blobs[i].name, "auth_blob")) {
+ wbc_next = &info->blobs[i].blob;
+ }
+ if (strequal(info->blobs[i].name, "session_key")) {
+ wbc_session_key = &info->blobs[i].blob;
+ }
+ }
+ if ((wbc_next == NULL) || (wbc_session_key == NULL)) {
+ wbcFreeMemory(info);
+ goto noccache;
+ }
+
+ *next_request = data_blob(wbc_next->data, wbc_next->length);
+ ntlmssp_state->session_key = data_blob(
+ wbc_session_key->data, wbc_session_key->length);
+
+ wbcFreeMemory(info);
+ goto done;
+ }
+
+noccache:
+
 if (!msrpc_parse(ntlmssp_state, &reply, "CdBd",
 "NTLMSSP",
 &ntlmssp_command,
@@ -1203,6 +1261,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
 ntlmssp_state->lm_resp = lm_response;
 ntlmssp_state->nt_resp = nt_response;
+done:
+
 ntlmssp_state->expected_state = NTLMSSP_DONE;
 if (!NT_STATUS_IS_OK(nt_status = ntlmssp_sign_init(ntlmssp_state))) {
-- cgit
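Review bot: Both `goto noccache` exits in the new `use_ccache` block fall back to the ordinary challenge handling without logging anything. A caller that asked for NTLMSSP_FEATURE_CCACHE therefore cannot tell from the logs that the winbind cache was not used and that the response was built from whatever password is set in `ntlmssp_state`. I would log the failure before falling back, e.g. `DEBUG(5, ("wbcCredentialCache failed: %s, not using ccache\n", wbcErrorString(wbc_status)));`, with a similar message when a blob is missing. The two `data_blob()` copies are also unchecked, so an allocation failure would reach `done:` with an empty `next_request` or session key. After `wbcFreeMemory(info)` add `if (next_request->data == NULL || ntlmssp_state->session_key.data == NULL) return NT_STATUS_NO_MEMORY;`. The function body starts and continues outside the hunk.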
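Review bot: The `done:` label in the last hunk lets the ccache path reach `ntlmssp_sign_init()` without running the code between `noccache:` and this point, most of which is outside the hunks shown. If that skipped code is where the server's challenge flags are folded into `ntlmssp_state->neg_flags`, signing and sealing would be initialised from the locally requested flags rather than the ones the server (and winbind) agreed on, so this should be confirmed. Either way the label deserves a comment stating the contract, such as `/* ccache path lands here: next_request and session_key come from winbind, the challenge was not parsed locally */`.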