s3: Add the session key to the ccache_ntlm_auth response
authorVolker Lendecke <vl@samba.org>
Sun, 24 Jan 2010 15:41:30 +0000 (16:41 +0100)
committerVolker Lendecke <vl@samba.org>
Sun, 24 Jan 2010 19:32:16 +0000 (20:32 +0100)
nsswitch/winbind_struct_protocol.h
source3/winbindd/winbindd_ccache_access.c

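--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -48,7 +48,8 @@ typedef char fstring[FSTRING_LEN];
  * 21: added WINBINDD_GETPWSID
  *     added WINBINDD_GETSIDALIASES
  * 22: added WINBINDD_PING_DC
- * 23: added WINBINDD_CCACHE_SAVE
+ * 23: added session_key to ccache_ntlm_auth response
+ *     added WINBINDD_CCACHE_SAVE
  */
 #define WINBIND_INTERFACE_VERSION 23
 
@@ -485,6 +486,7 @@ struct winbindd_response {
                        uint32_t group_rid;
                } user_info;
                struct {
+                       uint8_t session_key[16];
                        uint32_t auth_blob_len; /* blob in extra_data */
                } ccache_ntlm_auth;
                struct {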
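Review bot: Placing `session_key` ahead of `auth_blob_len` in the `ccache_ntlm_auth` response member moves `auth_blob_len` by 16 bytes while `WINBIND_INTERFACE_VERSION` stays at 23, so a client built against an earlier version-23 header would read the blob length from the wrong offset. That is only safe if no header with version 23 has been released, which this page does not show; otherwise the version should be bumped. The new field carries key material back to the requesting process and, unlike `auth_blob_len`, has no comment; I would add `/* NTLMSSP session key, secret: never log */` on it. The literal 16 is repeated in the second file (parameter, length check, memcpy), so a shared named constant would keep those places in step. The struct definition continues outside the hunk.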
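--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -47,7 +47,8 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username,
                                        const unsigned char nt_hash[NT_HASH_LEN],
                                        const DATA_BLOB initial_msg,
                                        const DATA_BLOB challenge_msg,
-                                       DATA_BLOB *auth_msg)
+                                       DATA_BLOB *auth_msg,
+                                       uint8_t session_key[16])
 {
        NTSTATUS status;
        struct ntlmssp_state *ntlmssp_state = NULL;
@@ -85,6 +86,8 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username,
                goto done;
        }
 
+       ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY);
+
        /* We need to get our protocol handler into the right state. So first
           we ask it to generate the initial message. Actually the client has already
           sent its own initial message, so we're going to drop this one on the floor.
@@ -116,7 +119,16 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username,
                data_blob_free(&reply);
                goto done;
        }
+
+       if (ntlmssp_state->session_key.length != 16) {
+               DEBUG(1, ("invalid session key length %d\n",
+                         (int)ntlmssp_state->session_key.length));
+               data_blob_free(&reply);
+               goto done;
+       }
+
        *auth_msg = data_blob(reply.data, reply.length);
+       memcpy(session_key, ntlmssp_state->session_key.data, 16);
        status = NT_STATUS_OK;
 
 done:
@@ -257,9 +269,11 @@ enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *doma
                state->request->extra_data.data + initial_blob_len,
                state->request->data.ccache_ntlm_auth.challenge_blob_len);
 
-       result = do_ntlm_auth_with_hashes(name_user, name_domain,
-                                         entry->lm_hash, entry->nt_hash,
-                                         initial, challenge, &auth);
+       result = do_ntlm_auth_with_hashes(
+               name_user, name_domain, entry->lm_hash, entry->nt_hash,
+               initial, challenge, &auth,
+               state->response->data.ccache_ntlm_auth.session_key);
+
        if (!NT_STATUS_IS_OK(result)) {
                goto process_result;
        }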
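Review bot: The new `session_key.length != 16` branch in the third hunk jumps to `done` without assigning `status`, so `do_ntlm_auth_with_hashes` returns whatever the preceding call left there. The check that sets it sits above the hunk, so I cannot confirm the value; if it is a "more processing required" code, the caller's `NT_STATUS_IS_OK` test still fails but the logged reason is misleading, and the failure depends on code this branch does not control. Assign it explicitly before the jump, e.g. `status = NT_STATUS_INTERNAL_ERROR;`. In the same hunk `memcpy(session_key, ..., 16)` relies on the `uint8_t session_key[16]` parameter, which is only a pointer, so a short comment on the signature that the caller must supply 16 writable bytes would help. The function body starts and ends outside these hunks.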