The branch, master has been updated
via 4eb1523... s3-libsmbclient: Add smbc_setOptionUseCCache()
via dc1bcec... s3: Add --use-ccache to net
via aa837d4... s3: add libnetapi_set_use_ccache()
via bff4873... s3: Fix a bug in net's use of popt
via b8996ba... s3: Enable -C in rpcclient
via ca48d6a... s3: Add CLI_FULL_CONNECTION_USE_CCACHE
via d016bdb... s3: Use -C in smbclient
via 21ec6a6... s3: Add -C (--use-ccache) to popt_common_credentials
via a03a83a... s3: Add ccache use to cli_session_setup_ntlmssp
via ff0274c... s3: Add NTLMSSP_FEATURE_CCACHE
via e879b50... libwbclient: Actually implement wbcCredentialCache()
via 6ba9bf0... s3: Add the session key to the ccache_ntlm_auth response
via 7d18d05... s3: Add wbinfo --ccache-save
from 185815a... s3: Remove some calls to memset -- reduces text size by
some bytes for me
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4eb1523d87e4ed1bcc5b1ec64da0b53ce2264000
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 19:24:10 2010 +0100
s3-libsmbclient: Add smbc_setOptionUseCCache()
Can we enable this by default? This would be a change in behaviour, but this
feature is just too cool for everyone to catch up in the apps.
The patch would be
commit dc1bcec73cb3c895ebd84614cc5a14ca0eae0505
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 18:50:48 2010 +0100
s3: Add --use-ccache to net
commit aa837d4aeed46a0ddbf6545d7e0474a0f5d86cec
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 18:50:31 2010 +0100
s3: add libnetapi_set_use_ccache()
commit bff48738a88875c5279e70f2886e894584f0cd7f
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 18:51:58 2010 +0100
s3: Fix a bug in net's use of popt
In order to add --use-ccache to net, I added another "bool opt_ccache;" to
struct net_context. popt did not like this, it took a while to figure out
why.
Popt has the lines
/* XXX Check alignment, may fail on funky platforms. */
if (arg == NULL || (((unsigned long)arg) & (sizeof(*arg)-1)))
return POPT_ERROR_NULLARG;
The "bool opt_ccache;" was not aligned anymore...
commit b8996baba613edd1e50bffa87647c41e03b08db3
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 17:35:04 2010 +0100
s3: Enable -C in rpcclient
commit ca48d6ab778a49f7676b27a7df054d75f4c819c1
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 17:34:13 2010 +0100
s3: Add CLI_FULL_CONNECTION_USE_CCACHE
commit d016bdb72c3bd5993d0f4acb583512f25ea9521c
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 17:08:56 2010 +0100
s3: Use -C in smbclient
$ bin/wbinfo --ccache-save=w2k3ad\\vl%Password
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003
R2 5.2]
smb: \>
$ bin/wbinfo --ccache-save=w2k3ad\\vl%WrongPassword
saving creds succeeded
$ bin/smbclient //192.168.42.160/tmp -Uvl -N -C -W w2k3ad
Anonymous login successful
Domain=[W2K3AD] OS=[Windows Server 2003 R2 3790 Service Pack 2]
Server=[Windows Server 2003 R2 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED
$
commit 21ec6a6cbd358f36aa9bf5974c5c53b8732cdceb
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 17:07:24 2010 +0100
s3: Add -C (--use-ccache) to popt_common_credentials
commit a03a83ad26b2cfa571b18f423915312c29fd33c7
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 16:50:46 2010 +0100
s3: Add ccache use to cli_session_setup_ntlmssp
commit ff0274c519c036c28b70efbb8bf823347c91eb96
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 16:47:24 2010 +0100
s3: Add NTLMSSP_FEATURE_CCACHE
Uses the winbind ccache to do authentication if asked to do so
commit e879b50b32a86ca4392147ab5473766f74a61118
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 16:44:15 2010 +0100
libwbclient: Actually implement wbcCredentialCache()
commit 6ba9bf004f966a217e705b69fd8c713391941929
Author: Volker Lendecke <[email protected]>
Date: Sun Jan 24 16:41:30 2010 +0100
s3: Add the session key to the ccache_ntlm_auth response
commit 7d18d058a1203ab7079f9dbdf37962803064d699
Author: Volker Lendecke <[email protected]>
Date: Sat Jan 9 20:20:36 2010 +0100
s3: Add wbinfo --ccache-save
With this command you can give winbind your password for later use by
the automatic ntlm_auth
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/wbc_pam.c | 146 ++++++++++++++++++++++++++++-
nsswitch/libwbclient/wbclient.h | 10 ++
nsswitch/wbinfo.c | 46 +++++++++
nsswitch/winbind_struct_protocol.h | 11 ++-
source3/Makefile.in | 16 ++-
source3/include/client.h | 2 +
source3/include/libsmbclient.h | 11 ++
source3/include/ntlmssp.h | 2 +
source3/include/popt_common.h | 1 +
source3/include/proto.h | 3 +
source3/lib/netapi/cm.c | 4 +
source3/lib/netapi/netapi.c | 6 +
source3/lib/netapi/netapi.h | 6 +
source3/lib/popt_common.c | 7 +-
source3/lib/util.c | 10 ++
source3/libsmb/cliconnect.c | 7 ++
source3/libsmb/clidfs.c | 1 +
source3/libsmb/libsmb_context.c | 14 +++
source3/libsmb/libsmb_server.c | 7 ++
source3/libsmb/libsmb_setget.c | 18 ++++
source3/libsmb/ntlmssp.c | 60 ++++++++++++
source3/rpcclient/rpcclient.c | 3 +
source3/utils/net.c | 1 +
source3/utils/net.h | 3 +-
source3/utils/net_rpc.c | 3 +
source3/utils/net_util.c | 4 +
source3/winbindd/winbindd.c | 1 +
source3/winbindd/winbindd_ccache_access.c | 94 ++++++++++++++++++-
source3/winbindd/winbindd_domain.c | 4 +
source3/winbindd/winbindd_proto.h | 3 +
30 files changed, 491 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 1f76c0a..24b3ef6 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -1117,5 +1117,149 @@ wbcErr wbcCredentialCache(struct
wbcCredentialCacheParams *params,
struct wbcCredentialCacheInfo **info,
struct wbcAuthErrorInfo **error)
{
- return WBC_ERR_NOT_IMPLEMENTED;
+ wbcErr status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcCredentialCacheInfo *result = NULL;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ struct wbcNamedBlob *initial_blob = NULL;
+ struct wbcNamedBlob *challenge_blob = NULL;
+ int i;
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ if (info != NULL) {
+ *info = NULL;
+ }
+ if (error != NULL) {
+ *error = NULL;
+ }
+ if ((params == NULL)
+ || (params->account_name == NULL)
+ || (params->level != WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP)) {
+ status = WBC_ERR_INVALID_PARAM;
+ goto fail;
+ }
+
+ if (params->domain_name != NULL) {
+ status = wbcRequestResponse(WINBINDD_INFO, NULL, &response);
+ if (!WBC_ERROR_IS_OK(status)) {
+ goto fail;
+ }
+ snprintf(request.data.ccache_ntlm_auth.user,
+ sizeof(request.data.ccache_ntlm_auth.user)-1,
+ "%s%c%s", params->domain_name,
+ response.data.info.winbind_separator,
+ params->account_name);
+ } else {
+ strncpy(request.data.ccache_ntlm_auth.user,
+ params->account_name,
+ sizeof(request.data.ccache_ntlm_auth.user)-1);
+ }
+ request.data.ccache_ntlm_auth.uid = getuid();
+
+ for (i=0; i<params->num_blobs; i++) {
+ if (strcasecmp(params->blobs[i].name, "initial_blob") == 0) {
+ initial_blob = ¶ms->blobs[i];
+ break;
+ }
+ if (strcasecmp(params->blobs[i].name, "challenge_blob") == 0) {
+ challenge_blob = ¶ms->blobs[i];
+ break;
+ }
+ }
+
+ request.data.ccache_ntlm_auth.initial_blob_len = 0;
+ request.data.ccache_ntlm_auth.challenge_blob_len = 0;
+ request.extra_len = 0;
+
+ if (initial_blob != NULL) {
+ request.data.ccache_ntlm_auth.initial_blob_len =
+ initial_blob->blob.length;
+ request.extra_len += initial_blob->blob.length;
+ }
+ if (challenge_blob != NULL) {
+ request.data.ccache_ntlm_auth.challenge_blob_len =
+ challenge_blob->blob.length;
+ request.extra_len += challenge_blob->blob.length;
+ }
+
+ if (request.extra_len != 0) {
+ request.extra_data.data = talloc_array(
+ NULL, char, request.extra_len);
+ if (request.extra_data.data == NULL) {
+ status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+ }
+ if (initial_blob != NULL) {
+ memcpy(request.extra_data.data,
+ initial_blob->blob.data, initial_blob->blob.length);
+ }
+ if (challenge_blob != NULL) {
+ memcpy(request.extra_data.data
+ + request.data.ccache_ntlm_auth.initial_blob_len,
+ challenge_blob->blob.data,
+ challenge_blob->blob.length);
+ }
+
+ status = wbcRequestResponse(WINBINDD_CCACHE_NTLMAUTH, &request,
+ &response);
+ if (!WBC_ERROR_IS_OK(status)) {
+ goto fail;
+ }
+
+ result = talloc(NULL, struct wbcCredentialCacheInfo);
+ if (result == NULL) {
+ status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+ result->num_blobs = 0;
+ result->blobs = talloc(result, struct wbcNamedBlob);
+ if (result->blobs == NULL) {
+ status = WBC_ERR_NO_MEMORY;
+ goto fail;
+ }
+ status = wbcAddNamedBlob(&result->num_blobs, &result->blobs,
+ "auth_blob", 0,
+ (uint8_t *)response.extra_data.data,
+ response.data.ccache_ntlm_auth.auth_blob_len);
+ if (!WBC_ERROR_IS_OK(status)) {
+ goto fail;
+ }
+ status = wbcAddNamedBlob(
+ &result->num_blobs, &result->blobs, "session_key", 0,
+ response.data.ccache_ntlm_auth.session_key,
+ sizeof(response.data.ccache_ntlm_auth.session_key));
+ if (!WBC_ERROR_IS_OK(status)) {
+ goto fail;
+ }
+
+ winbindd_free_response(&response);
+ *info = result;
+ return WBC_ERR_SUCCESS;
+
+fail:
+ TALLOC_FREE(request.extra_data.data);
+ winbindd_free_response(&response);
+ talloc_free(result);
+ return status;
+}
+
+/* Authenticate a user with cached credentials */
+wbcErr wbcCredentialSave(const char *user, const char *password)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.data.ccache_save.user, user,
+ sizeof(request.data.ccache_save.user)-1);
+ strncpy(request.data.ccache_save.pass, password,
+ sizeof(request.data.ccache_save.pass)-1);
+ request.data.ccache_save.uid = getuid();
+
+ return wbcRequestResponse(WINBINDD_CCACHE_SAVE, &request, &response);
}
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index 33a4ace..06f0713 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -1164,6 +1164,16 @@ wbcErr wbcCredentialCache(struct
wbcCredentialCacheParams *params,
struct wbcCredentialCacheInfo **info,
struct wbcAuthErrorInfo **error);
+/**
+ * @brief Save a password with winbind for doing wbcCredentialCache() later
+ *
+ * @param *user Username
+ * @param *password Password
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCredentialSave(const char *user, const char *password);
+
/**********************************************************
* Resolve functions
**********************************************************/
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 45d8684..a43ce8f 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -1530,6 +1530,43 @@ static bool wbinfo_auth_crap(char *username, bool
use_ntlmv2, bool use_lanman)
return WBC_ERROR_IS_OK(wbc_status);
}
+/* Save creds with winbind */
+
+static bool wbinfo_ccache_save(char *username)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ char *s = NULL;
+ char *p = NULL;
+ char *password = NULL;
+ char *name = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ s = talloc_strdup(frame, username);
+ if (s == NULL) {
+ return false;
+ }
+
+ p = strchr(s, '%');
+ if (p != NULL) {
+ *p = 0;
+ p++;
+ password = talloc_strdup(frame, p);
+ } else {
+ password = wbinfo_prompt_pass(frame, NULL, username);
+ }
+
+ name = s;
+
+ wbc_status = wbcCredentialSave(name, password);
+
+ d_printf("saving creds %s\n",
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ TALLOC_FREE(frame);
+
+ return WBC_ERROR_IS_OK(wbc_status);
+}
+
#ifdef WITH_FAKE_KASERVER
/* Authenticate a user with a plaintext password and set a token */
@@ -1736,6 +1773,7 @@ enum {
OPT_ONLINESTATUS,
OPT_CHANGE_USER_PASSWORD,
OPT_PING_DC,
+ OPT_CCACHE_SAVE,
OPT_SID_TO_FULLNAME,
OPT_NTLMV2,
OPT_LANMAN
@@ -1805,6 +1843,9 @@ int main(int argc, char **argv, char **envp)
{ "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS,
"Get user group sids for user SID", "SID" },
{ "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a',
"authenticate user", "user%password" },
{ "set-auth-user", 0, POPT_ARG_STRING, &string_arg,
OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)",
"user%password" },
+ { "ccache-save", 0, POPT_ARG_STRING, &string_arg,
+ OPT_CCACHE_SAVE, "Store user and password for ccache "
+ "operation", "user%password" },
{ "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME,
"Get a DC name for a foreign domain", "domainname" },
{ "dsgetdcname", 0, POPT_ARG_STRING, &string_arg,
OPT_DSGETDCNAME, "Find a DC for a domain", "domainname" },
@@ -2189,6 +2230,11 @@ int main(int argc, char **argv, char **envp)
wbinfo_get_auth_user();
goto done;
break;
+ case OPT_CCACHE_SAVE:
+ if (!wbinfo_ccache_save(string_arg)) {
+ goto done;
+ }
+ break;
case OPT_GETDCNAME:
if (!wbinfo_getdcname(string_arg)) {
goto done;
diff --git a/nsswitch/winbind_struct_protocol.h
b/nsswitch/winbind_struct_protocol.h
index 4d27d52..2e0751f 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -48,8 +48,10 @@ typedef char fstring[FSTRING_LEN];
* 21: added WINBINDD_GETPWSID
* added WINBINDD_GETSIDALIASES
* 22: added WINBINDD_PING_DC
+ * 23: added session_key to ccache_ntlm_auth response
+ * added WINBINDD_CCACHE_SAVE
*/
-#define WINBIND_INTERFACE_VERSION 22
+#define WINBIND_INTERFACE_VERSION 23
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
@@ -177,6 +179,7 @@ enum winbindd_cmd {
/* Complete the challenge phase of the NTLM authentication
protocol using cached password. */
WINBINDD_CCACHE_NTLMAUTH,
+ WINBINDD_CCACHE_SAVE,
WINBINDD_NUM_CMDS
};
@@ -335,6 +338,11 @@ struct winbindd_request {
uint32_t challenge_blob_len;
} ccache_ntlm_auth;
struct {
+ uid_t uid;
+ fstring user;
+ fstring pass;
+ } ccache_save;
+ struct {
fstring domain_name;
fstring domain_guid;
fstring site_name;
@@ -478,6 +486,7 @@ struct winbindd_response {
uint32_t group_rid;
} user_info;
struct {
+ uint8_t session_key[16];
uint32_t auth_blob_len; /* blob in extra_data */
} ccache_ntlm_auth;
struct {
diff --git a/source3/Makefile.in b/source3/Makefile.in
index f87cb88..9d67b44 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -1558,9 +1558,10 @@ bin/s...@exeext@: $(BINARY_PREREQS) $(SMBD_OBJ)
$(LIBTALLOC) $(LIBTDB) $(LIBWBCL
$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
$(LIBWBCLIENT_LIBS) $(ZLIB_LIBS)
-bin/n...@exeext@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC)
$(LIBTDB)
+bin/n...@exeext@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ $(LIBTALLOC)
$(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(ZLIB_LIBS)
@@ -1597,9 +1598,10 @@ bin/profi...@exeext@: $(BINARY_PREREQS) $(PROFILES_OBJ)
@BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/smbsp...@exeext@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC)
$(LIBTDB)
+bin/smbsp...@exeext@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ $(LIBTALLOC)
$(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS)
$(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/mount.c...@exeext@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ)
@@ -1686,10 +1688,11 @@ bin/smbconft...@exeext@: $(SMBCONFTORT_OBJ)
@BUILD_POPT@ $(LIBTALLOC) $(LIBTDB)
$(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
-bin/maskt...@exeext@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB)
+bin/maskt...@exeext@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/msgt...@exeext@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB)
@@ -1720,10 +1723,11 @@ bin/share...@exeext@: $(BINARY_PREREQS) $(SHARESEC_OBJ)
@BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) \
$(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS)
$(LIBTDB_LIBS)
-bin/lockt...@exeext@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB)
+bin/lockt...@exeext@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/nsst...@exeext@: $(BINARY_PREREQS) $(NSSTEST_OBJ)
@@ -1755,9 +1759,10 @@ bin/log2p...@exeext@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ)
@BUILD_POPT@ $(LIBTALLOC
@$(CC) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) \
$(POPT_LIBS) $(LIBS) $(LIBTALLOC_LIBS)
-bin/lockte...@exeext@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB)
+bin/lockte...@exeext@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@
$(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT)
@echo Linking $@
@$(CC) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
@@ -1770,6 +1775,7 @@ bin/smbfil...@exeext@: $(BINARY_PREREQS) $(SMBFILTER_OBJ)
@BUILD_POPT@ $(LIBTALL
@echo Linking $@
@$(CC) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \
$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
+ @LIBWBCLIENT_STATIC@ $(LIBWBCLIENT_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS)
bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ $(LIBTALLOC)
$(LIBTDB) $(LIBWBCLIENT)
diff --git a/source3/include/client.h b/source3/include/client.h
index d5030c1..72cea4a 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -266,6 +266,7 @@ struct cli_state {
bool use_kerberos;
bool fallback_after_kerberos;
bool use_spnego;
+ bool use_ccache;
bool got_kerberos_mechanism; /* Server supports krb5 in SPNEGO. */
bool use_oplocks; /* should we use oplocks? */
@@ -304,5 +305,6 @@ typedef struct file_info {
#define CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS 0x0008
#define CLI_FULL_CONNECTION_OPLOCKS 0x0010
#define CLI_FULL_CONNECTION_LEVEL_II_OPLOCKS 0x0020
+#define CLI_FULL_CONNECTION_USE_CCACHE 0x0040
#endif /* _CLIENT_H */
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index 7de5000..dd6f93e 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -263,10 +263,13 @@ typedef struct _SMBCCTX SMBCCTX;
* smbc_getOptionFallbackAFterKerberos()
* smbc_setOptionNoAutoAnonymousLogin()
* smbc_getOptionNoAutoAnonymousLogin()
+ * smbc_setOptionUseCCache()
+ * smbc_getOptionUseCCache()
*/
# define SMB_CTX_FLAG_USE_KERBEROS (1 << 0)
# define SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS (1 << 1)
# define SMBCCTX_FLAG_NO_AUTO_ANONYMOUS_LOGON (1 << 2)
+# define SMB_CTX_FLAG_USE_CCACHE (1 << 3)
@@ -732,6 +735,14 @@ smbc_getOptionNoAutoAnonymousLogin(SMBCCTX *c);
void
smbc_setOptionNoAutoAnonymousLogin(SMBCCTX *c, smbc_bool b);
+/** Get whether to enable use of the winbind ccache */
+smbc_bool
+smbc_getOptionUseCCache(SMBCCTX *c);
+
+/** Set whether to enable use of the winbind ccache */
+void
+smbc_setOptionUseCCache(SMBCCTX *c, smbc_bool b);
+
/*************************************
diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h
index d3de598..31b614f 100644
--- a/source3/include/ntlmssp.h
+++ b/source3/include/ntlmssp.h
@@ -40,6 +40,7 @@ enum ntlmssp_message_type
#define NTLMSSP_FEATURE_SESSION_KEY 0x00000001
#define NTLMSSP_FEATURE_SIGN 0x00000002
#define NTLMSSP_FEATURE_SEAL 0x00000004
+#define NTLMSSP_FEATURE_CCACHE 0x00000008
struct ntlmssp_state
{
@@ -49,6 +50,7 @@ struct ntlmssp_state
bool unicode;
bool use_ntlmv2;
+ bool use_ccache;
char *user;
char *domain;
char *workstation;
diff --git a/source3/include/popt_common.h b/source3/include/popt_common.h
index 7237ca6..a6e43d2 100644
--- a/source3/include/popt_common.h
+++ b/source3/include/popt_common.h
@@ -55,6 +55,7 @@ struct user_auth_info {
bool smb_encrypt;
bool use_machine_account;
bool fallback_after_kerberos;
+ bool use_ccache;
};
#endif /* _POPT_COMMON_H */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 01372c2..f0ccc92 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1105,6 +1105,9 @@ const char *get_cmdline_auth_info_password(const struct
user_auth_info *auth_inf
bool set_cmdline_auth_info_signing_state(struct user_auth_info *auth_info,
const char *arg);
int get_cmdline_auth_info_signing_state(const struct user_auth_info
*auth_info);
+void set_cmdline_auth_info_use_ccache(struct user_auth_info *auth_info,
+ bool b);
+bool get_cmdline_auth_info_use_ccache(const struct user_auth_info *auth_info);
void set_cmdline_auth_info_use_kerberos(struct user_auth_info *auth_info,
bool b);
bool get_cmdline_auth_info_use_kerberos(const struct user_auth_info
*auth_info);
diff --git a/source3/lib/netapi/cm.c b/source3/lib/netapi/cm.c
index 9baba7b..3a624bf 100644
--- a/source3/lib/netapi/cm.c
+++ b/source3/lib/netapi/cm.c
@@ -55,6 +55,10 @@ static WERROR libnetapi_open_ipc_connection(struct
libnetapi_ctx *ctx,
set_cmdline_auth_info_fallback_after_kerberos(auth_info, true);
}
+ if (ctx->use_ccache) {
+ set_cmdline_auth_info_use_ccache(auth_info, true);
+ }
+
cli_ipc = cli_cm_open(ctx, NULL,
server_name, "IPC$",
auth_info,
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index e80879a..bde6fd8 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -250,6 +250,12 @@ NET_API_STATUS libnetapi_set_use_kerberos(struct
libnetapi_ctx *ctx)
return NET_API_STATUS_SUCCESS;
}
+NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx)
+{
+ ctx->use_ccache = true;
+ return NET_API_STATUS_SUCCESS;
+}
+
/****************************************************************
--
Samba Shared Repository
