-rw-r--r--nsswitch/libwbclient/wbc_pam.c21
-rw-r--r--nsswitch/winbind_struct_protocol.h1
-rw-r--r--source3/winbindd/winbindd_ccache_access.c8
3 files changed, 27 insertions, 3 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 672cf373342..0d1b90c75fd 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -1286,7 +1286,17 @@ wbcErr wbcCtxCredentialCache(struct wbcContext *ctx,
}
for (i=0; i<params->num_blobs; i++) {
- if (strcasecmp(params->blobs[i].name, "initial_blob") == 0) {
+ /*
+ * Older callers may used to provide the NEGOTIATE request
+ * as "initial_blob", but it was completely ignored by winbindd.
+ *
+ * So we keep ignoring it.
+ *
+ * A new callers that is capable to support "new_spnego",
+ * will provide the NEGOTIATE request as "negotiate_blob"
+ * instead.
+ */
+ if (strcasecmp(params->blobs[i].name, "negotiate_blob") == 0) {
if (initial_blob != NULL) {
status = WBC_ERR_INVALID_PARAM;
goto fail;
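Review bot: The new comment above the `"negotiate_blob"` comparison is hard to parse, and it is the only place that records the compatibility contract for this parameter. I would reword the two ungrammatical sentences to `Older callers may have provided the NEGOTIATE request as "initial_blob", but winbindd completely ignored it.` and `New callers that support "new_spnego" provide the NEGOTIATE request as "negotiate_blob" instead.` It would also help to say explicitly that a blob named "initial_blob" is still accepted and silently dropped, while a second "negotiate_blob" is rejected with WBC_ERR_INVALID_PARAM. The loop and the rest of wbcCtxCredentialCache continue outside this hunk.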
@@ -1384,6 +1394,15 @@ wbcErr wbcCtxCredentialCache(struct wbcContext *ctx,
if (!WBC_ERROR_IS_OK(status)) {
goto fail;
}
+ if (response.data.ccache_ntlm_auth.new_spnego) {
+ status = wbcAddNamedBlob(
+ &result->num_blobs, &result->blobs, "new_spnego", 0,
+ &response.data.ccache_ntlm_auth.new_spnego,
+ sizeof(response.data.ccache_ntlm_auth.new_spnego));
+ if (!WBC_ERROR_IS_OK(status)) {
+ goto fail;
+ }
+ }
*info = result;
result = NULL;
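Review bot: The `"new_spnego"` result blob added before `*info = result` has no documented contract. It is emitted only when the response byte is non-zero, and its payload is the raw `uint8_t` copied from the winbindd response. A consumer therefore has to know that an absent blob means "false" and that the length is exactly one byte. Since the flag presumably influences how the caller's SPNEGO layer treats the exchange, I would spell that out, e.g. `/* "new_spnego": 1-byte flag, only present when winbindd reports GENSEC_FEATURE_NEW_SPNEGO; absence means not negotiated */`. The enclosing function starts and ends outside this hunk.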
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index 622dcfef232..84829d2da74 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -488,6 +488,7 @@ struct winbindd_response {
struct {
uint8_t session_key[16];
uint32_t auth_blob_len; /* blob in extra_data */
+ uint8_t new_spnego;
} ccache_ntlm_auth;
struct {
fstring dc_unc;
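Review bot: The new `uint8_t new_spnego;` member extends the winbindd response layout without a comment or any visible versioning. The diffstat shows this as the only line changed in the header, so nothing here marks the protocol change for mismatched libwbclient/winbindd pairs. If the field sits inside a larger union, the struct size probably does not change. A newer client talking to an older daemon would then read whatever that daemon left in these bytes, so it is worth confirming they are zeroed. I would at least document the field the way its neighbour is, e.g. `uint8_t new_spnego; /* non-zero if NTLMSSP negotiated NEW_SPNEGO */`.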
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index ddedf6a0208..039e6534013 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -50,7 +50,8 @@ static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username,
const DATA_BLOB challenge_msg,
TALLOC_CTX *mem_ctx,
DATA_BLOB *auth_msg,
- uint8_t session_key[16])
+ uint8_t session_key[16],
+ uint8_t *new_spnego)
{
NTSTATUS status;
struct auth_generic_state *auth_generic_state = NULL;
@@ -144,6 +145,8 @@ static NTSTATUS do_ntlm_auth_with_stored_pw(const char *username,
memcpy(session_key, session_key_blob.data, 16);
data_blob_free(&session_key_blob);
*auth_msg = reply;
+ *new_spnego = gensec_have_feature(auth_generic_state->gensec_security,
+ GENSEC_FEATURE_NEW_SPNEGO);
status = NT_STATUS_OK;
done:
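Review bot: `*new_spnego` is assigned only on the success path, just before `status = NT_STATUS_OK`, so any earlier exit to `done:` leaves the caller's byte untouched. The caller passes a field of `state->response`, so what the client sees after a failure depends on how that response was initialised, which these hunks do not show. I would make the out-parameter deterministic by adding `*new_spnego = 0;` at the top of do_ntlm_auth_with_stored_pw, next to the other local initialisations. The function body begins in the previous hunk and most of it lies outside both.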
@@ -272,7 +275,8 @@ void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state)
result = do_ntlm_auth_with_stored_pw(
name_user, name_domain, entry->pass,
initial, challenge, talloc_tos(), &auth,
- state->response->data.ccache_ntlm_auth.session_key);
+ state->response->data.ccache_ntlm_auth.session_key,
+ &state->response->data.ccache_ntlm_auth.new_spnego);
if (!NT_STATUS_IS_OK(result)) {
goto process_result;