Using Samba for HTTP-NTLM-authentication?

[Johann Hanne]

Hi folks,

Short version:
--------------
Can anybody tell me if there are hooks in Samba that make it possible 
to use it in conjunction with an apache module for HTTP-based 
NTLM-authentication?

Long version:
-------------
Internet Explorer can authenticate against a Web-Server using the 
so-called NTLM-authentication (see 
http://www.innovation.ch/java/ntlm.html). Despite the fact that the method 
is braindead, it is extremely useful for Intranets and seems to be 
reliable.

The whole thing is based on the authentication used by any SMB client that 
connects to a SMB server:
- The client connects to the server
- The server generates and sends some random bytes (challenge)
- The client sends a hash generated from password and challenge

What I need are hooks to:
- Connect to the SMB-Server
- Intercept the random bytes
- Send the hash

The point is that a function that just checks a combination of 
username+cleartext-password is not enough, as I don't have a 
cleartext-password.

A thing that would be even more interesting is if there is a way to do the 
authentication as a domain member, i.e. not by doing 
try-and-error-connects but by using the appropriate protocol.

I know there is already an apache module called "mod_ntlm" at sourceforge 
(and some extended versions). However, it is very unstable (apache 
processes segfault quite often) and it uses SMB code "Copyright (C) 
Richard Sharpe 1996". I'd really love to use some current code for it!

I've already found the function domain_client_validate() in 
domain_client_validate.c. However, this file seems to unused currently as 
it isn't compiled by the makefile and i wasn't able to compile it manually 
due to undefined symbols and conflicts with another function with the same 
name.
This one is defined in smbd/password.c and is probably used in smbd. Is it 
possible to use the function without the smbd environment?

Any comments?

Cheers, Jonny <jonny at 1409.org>