libwbclient: implement WBC_AUTH_USER_LEVEL_HASH for wbcAuthenticateUserEx()

This is used for 'interactive' or 'service' logons using the nt or lm hash.

metze

diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index e4cd29630128e87a35336ceef7bb9b9bc6cd2819..e335b9e652bf4e5c621b8bf0d53fd11153cf4d0a 100644 (file)
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -427,8 +427,43 @@ wbcErr wbcCtxAuthenticateUserEx(struct wbcContext *ctx,
                break;
 
        case WBC_AUTH_USER_LEVEL_HASH:
-               wbc_status = WBC_ERR_NOT_IMPLEMENTED;
-               BAIL_ON_WBC_ERROR(wbc_status);
+               cmd = WINBINDD_PAM_AUTH_CRAP;
+               request.flags = WBFLAG_PAM_INFO3_TEXT |
+                               WBFLAG_PAM_USER_SESSION_KEY |
+                               WBFLAG_PAM_LMKEY |
+                               WBFLAG_PAM_INTERACTIVE_LOGON;
+
+               strncpy(request.data.auth_crap.user,
+                       params->account_name,
+                       sizeof(request.data.auth_crap.user)-1);
+               if (params->domain_name) {
+                       strncpy(request.data.auth_crap.domain,
+                               params->domain_name,
+                               sizeof(request.data.auth_crap.domain)-1);
+               }
+               if (params->workstation_name) {
+                       strncpy(request.data.auth_crap.workstation,
+                               params->workstation_name,
+                               sizeof(request.data.auth_crap.workstation)-1);
+               }
+
+               request.data.auth_crap.logon_parameters =
+                               params->parameter_control;
+
+               memset(request.data.auth_crap.chal, 0,
+                      sizeof(request.data.auth_crap.chal));
+
+               request.data.auth_crap.lm_resp_len =
+                               sizeof(params->password.hash.lm_hash);
+               memcpy(request.data.auth_crap.lm_resp,
+                      params->password.hash.lm_hash,
+                      request.data.auth_crap.lm_resp_len);
+
+               request.data.auth_crap.nt_resp_len =
+                               sizeof(params->password.hash.nt_hash);
+               memcpy(request.data.auth_crap.nt_resp,
+                      params->password.hash.nt_hash,
+                      request.data.auth_crap.nt_resp_len);
                break;
 
        case WBC_AUTH_USER_LEVEL_RESPONSE: