From fe7d46067133131189faf7aebae62fa9c48626d9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 May 2008 12:58:15 +1000 Subject: Allow an NTLM response to be specified into the auth subsystem. This allows it to be proxied for NTLM pass-though authentication (aka security=server and associated man-in-the-middle attacks). Andrew Bartlett (This used to be commit 6ffabb38d03ad90d8731ab3e0eb692438db967ee) --- source4/auth/credentials/credentials.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source4/auth/credentials/credentials.h') diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h index 2514b5b1ce..79c50ae5af 100644 --- a/source4/auth/credentials/credentials.h +++ b/source4/auth/credentials/credentials.h @@ -80,8 +80,13 @@ struct cli_credentials { const char *bind_dn; + /* Allows authentication from a keytab or similar */ struct samr_Password *nt_hash; + /* Allows NTLM pass-though authentication */ + DATA_BLOB lm_response; + DATA_BLOB nt_response; + struct ccache_container *ccache; struct gssapi_creds_container *client_gss_creds; struct keytab_container *keytab; @@ -221,6 +226,10 @@ void cli_credentials_set_kvno(struct cli_credentials *cred, bool cli_credentials_set_nt_hash(struct cli_credentials *cred, const struct samr_Password *nt_hash, enum credentials_obtained obtained); +bool cli_credentials_set_ntlm_response(struct cli_credentials *cred, + const DATA_BLOB *lm_response, + const DATA_BLOB *nt_response, + enum credentials_obtained obtained); int cli_credentials_set_keytab_name(struct cli_credentials *cred, struct event_context *event_ctx, struct loadparm_context *lp_ctx, -- cgit