return False;
}
-static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username,
+static NTSTATUS do_ntlm_auth_with_stored_pw(const char *namespace,
const char *domain,
+ const char *username,
const char *password,
const DATA_BLOB initial_msg,
const DATA_BLOB challenge_msg,
TALLOC_CTX *mem_ctx,
DATA_BLOB *auth_msg,
- uint8_t session_key[16])
+ uint8_t session_key[16],
+ uint8_t *new_spnego)
{
NTSTATUS status;
struct auth_generic_state *auth_generic_state = NULL;
}
/*
- * We inject the inital NEGOTIATE message our caller used
- * in order to get the state machine into the correct possition.
+ * We inject the initial NEGOTIATE message our caller used
+ * in order to get the state machine into the correct position.
*/
reply = data_blob_null;
status = gensec_update(auth_generic_state->gensec_security,
memcpy(session_key, session_key_blob.data, 16);
data_blob_free(&session_key_blob);
*auth_msg = reply;
+ *new_spnego = gensec_have_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_NEW_SPNEGO);
status = NT_STATUS_OK;
done:
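Review bot: `*new_spnego` is written only on the success path, right before `status = NT_STATUS_OK;`, so any exit that reaches `done:` earlier leaves the caller's out-parameter untouched. The caller passes a field of the response struct (`&state->response->data.ccache_ntlm_auth.new_spnego`), and whether that struct is zeroed beforehand is not visible here; setting `*new_spnego = 0;` at the top of the function would make the value defined on every exit. Separately, `session_key_blob` holds key material and is released with `data_blob_free()`; `data_blob_clear_free(&session_key_blob);` would wipe it before the memory is returned. The function body starts and ends outside this hunk.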
return True;
}
-void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
+bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_domain, name_user;
+ fstring name_namespace, name_domain, name_user;
NTSTATUS result = NT_STATUS_NOT_SUPPORTED;
struct WINBINDD_MEMORY_CREDS *entry;
DATA_BLOB initial, challenge, auth;
uint32_t initial_blob_len, challenge_blob_len, extra_len;
+ bool ok;
/* Ensure null termination */
state->request->data.ccache_ntlm_auth.user[
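Review bot: The switch from `void` to `bool` moves sending the reply out of this function, but nothing at the definition records that. A short comment above `winbindd_ccache_ntlm_auth()` such as `/* Returns true on success; the caller sends the reply based on the result. */` would state the new contract, and the same applies to `winbindd_ccache_save()` further down. The caller is not part of this page, so it is assumed rather than confirmed that every `false` is turned into an error reply. The function body continues outside this hunk.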
/* Parse domain and username */
- if (!canonicalize_username(state->request->data.ccache_ntlm_auth.user,
- name_domain, name_user)) {
+ ok = canonicalize_username(state->request->data.ccache_ntlm_auth.user,
+ name_namespace,
+ name_domain,
+ name_user);
+ if (!ok) {
DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
- request_error(state);
- return;
+ return false;
}
domain = find_auth_domain(state->request->flags, name_domain);
if (domain == NULL) {
DEBUG(5,("winbindd_ccache_ntlm_auth: can't get domain [%s]\n",
name_domain));
- request_error(state);
- return;
+ return false;
}
if (!check_client_uid(state, state->request->data.ccache_ntlm_auth.uid)) {
- request_error(state);
- return;
+ return false;
}
/* validate blob lengths */
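Review bot: `name_namespace` is filled by `canonicalize_username()`, but the lookup that follows is still `find_auth_domain(state->request->flags, name_domain)` and nothing in this hunk reads the namespace. If a name can be parsed into a namespace with an empty or different domain (the parser is not shown here), the domain selection would not take it into account. Either pass the intended value to the lookup or add a comment such as `/* name_namespace is not used here; the lookup is by name_domain */` so the unused buffer is not mistaken for an oversight. The same pattern appears in the `parse_domain_user()` hunk and in `winbindd_ccache_save()`.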
}
/* Parse domain and username */
- if (!parse_domain_user(state->request->data.ccache_ntlm_auth.user, name_domain, name_user)) {
+ ok = parse_domain_user(state->request->data.ccache_ntlm_auth.user,
+ name_namespace,
+ name_domain,
+ name_user);
+ if (!ok) {
DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse "
"domain and user from name [%s]\n",
state->request->data.ccache_ntlm_auth.user));
state->request->data.ccache_ntlm_auth.challenge_blob_len);
result = do_ntlm_auth_with_stored_pw(
- name_user, name_domain, entry->pass,
- initial, challenge, talloc_tos(), &auth,
- state->response->data.ccache_ntlm_auth.session_key);
+ name_namespace,
+ name_domain,
+ name_user,
+ entry->pass,
+ initial,
+ challenge,
+ talloc_tos(),
+ &auth,
+ state->response->data.ccache_ntlm_auth.session_key,
+ &state->response->data.ccache_ntlm_auth.new_spnego);
if (!NT_STATUS_IS_OK(result)) {
goto process_result;
data_blob_free(&auth);
process_result:
- if (!NT_STATUS_IS_OK(result)) {
- request_error(state);
- return;
- }
- request_ok(state);
+ return NT_STATUS_IS_OK(result);
}
-void winbindd_ccache_save(struct winbindd_cli_state *state)
+bool winbindd_ccache_save(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
- fstring name_domain, name_user;
+ fstring name_namespace, name_domain, name_user;
NTSTATUS status;
+ bool ok;
/* Ensure null termination */
state->request->data.ccache_save.user[
/* Parse domain and username */
- if (!canonicalize_username(state->request->data.ccache_save.user,
- name_domain, name_user)) {
+ ok = canonicalize_username(state->request->data.ccache_save.user,
+ name_namespace,
+ name_domain,
+ name_user);
+ if (!ok) {
DEBUG(5,("winbindd_ccache_save: cannot parse domain and user "
"from name [%s]\n",
state->request->data.ccache_save.user));
- request_error(state);
- return;
+ return false;
}
/*
if (domain == NULL) {
DEBUG(5, ("winbindd_ccache_save: can't get domain [%s]\n",
name_domain));
- request_error(state);
- return;
+ return false;
}
if (!check_client_uid(state, state->request->data.ccache_save.uid)) {
- request_error(state);
- return;
+ return false;
}
status = winbindd_add_memory_creds(
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("winbindd_add_memory_creds failed %s\n",
nt_errstr(status)));
- request_error(state);
- return;
+ return false;
}
- request_ok(state);
+ return true;
}