From 2643ff4bb63005010a56712d77ca70c245c2aa7d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 24 Jan 2010 16:41:30 +0100 Subject: [PATCH] s3: Add the session key to the ccache_ntlm_auth response (cherry picked from commit 99f6f322ae5aa13596c5b0f1a6e600b6fec48896) --- nsswitch/winbind_struct_protocol.h | 4 +++- source3/winbindd/winbindd_ccache_access.c | 21 +++++++++++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index 7790155f251..2e0751f79a7 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -48,7 +48,8 @@ typedef char fstring[FSTRING_LEN]; * 21: added WINBINDD_GETPWSID * added WINBINDD_GETSIDALIASES * 22: added WINBINDD_PING_DC - * 23: added WINBINDD_CCACHE_SAVE + * 23: added session_key to ccache_ntlm_auth response + * added WINBINDD_CCACHE_SAVE */ #define WINBIND_INTERFACE_VERSION 23 @@ -485,6 +486,7 @@ struct winbindd_response { uint32_t group_rid; } user_info; struct { + uint8_t session_key[16]; uint32_t auth_blob_len; /* blob in extra_data */ } ccache_ntlm_auth; struct { diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c index 7435c266730..b36b067851b 100644 --- a/source3/winbindd/winbindd_ccache_access.c +++ b/source3/winbindd/winbindd_ccache_access.c @@ -46,7 +46,8 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username, const unsigned char nt_hash[NT_HASH_LEN], const DATA_BLOB initial_msg, const DATA_BLOB challenge_msg, - DATA_BLOB *auth_msg) + DATA_BLOB *auth_msg, + uint8_t session_key[16]) { NTSTATUS status; NTLMSSP_STATE *ntlmssp_state = NULL; @@ -84,6 +85,8 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username, goto done; } + ntlmssp_want_feature(ntlmssp_state, NTLMSSP_FEATURE_SESSION_KEY); + /* We need to get our protocol handler into the right state. So first we ask it to generate the initial message. Actually the client has already sent its own initial message, so we're going to drop this one on the floor. @@ -115,7 +118,16 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username, data_blob_free(&reply); goto done; } + + if (ntlmssp_state->session_key.length != 16) { + DEBUG(1, ("invalid session key length %d\n", + (int)ntlmssp_state->session_key.length)); + data_blob_free(&reply); + goto done; + } + *auth_msg = data_blob(reply.data, reply.length); + memcpy(session_key, ntlmssp_state->session_key.data, 16); status = NT_STATUS_OK; done: @@ -257,9 +269,10 @@ enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *doma if (!initial.data || !challenge.data) { result = NT_STATUS_NO_MEMORY; } else { - result = do_ntlm_auth_with_hashes(name_user, name_domain, - entry->lm_hash, entry->nt_hash, - initial, challenge, &auth); + result = do_ntlm_auth_with_hashes( + name_user, name_domain, entry->lm_hash, entry->nt_hash, + initial, challenge, &auth, + state->response->data.ccache_ntlm_auth.session_key); } data_blob_free(&initial); -- 2.11.4.GIT