* 21: added WINBINDD_GETPWSID
* added WINBINDD_GETSIDALIASES
* 22: added WINBINDD_PING_DC
- * 23: added WINBINDD_CCACHE_SAVE
+ * 23: added session_key to ccache_ntlm_auth response
+ * added WINBINDD_CCACHE_SAVE
*/
#define WINBIND_INTERFACE_VERSION 23
uint32_t group_rid;
} user_info;
struct {
+ uint8_t session_key[16];
uint32_t auth_blob_len; /* blob in extra_data */
} ccache_ntlm_auth;
struct {
const unsigned char nt_hash[NT_HASH_LEN],
const DATA_BLOB initial_msg,
const DATA_BLOB challenge_msg,
- DATA_BLOB *auth_msg)
+ DATA_BLOB *auth_msg,
+ uint8_t session_key[16])
{
NTSTATUS status;
struct ntlmssp_state *ntlmssp_state = NULL;
goto done;
}
+ ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
/* We need to get our protocol handler into the right state. So first
we ask it to generate the initial message. Actually the client has already
sent its own initial message, so we're going to drop this one on the floor.
data_blob_free(&reply);
goto done;
}
+
+ if (ntlmssp_state->session_key.length != 16) {
+ DEBUG(1, ("invalid session key length %d\n",
+ (int)ntlmssp_state->session_key.length));
+ data_blob_free(&reply);
+ goto done;
+ }
+
*auth_msg = data_blob(reply.data, reply.length);
+ memcpy(session_key, ntlmssp_state->session_key.data, 16);
status = NT_STATUS_OK;
done:
state->request->extra_data.data + initial_blob_len,
state->request->data.ccache_ntlm_auth.challenge_blob_len);
- result = do_ntlm_auth_with_hashes(name_user, name_domain,
- entry->lm_hash, entry->nt_hash,
- initial, challenge, &auth);
+ result = do_ntlm_auth_with_hashes(
+ name_user, name_domain, entry->lm_hash, entry->nt_hash,
+ initial, challenge, &auth,
+ state->response->data.ccache_ntlm_auth.session_key);
+
if (!NT_STATUS_IS_OK(result)) {
goto process_result;
}