[PATCH] ntlm_auth: Add --offline-logon

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Dec 4 10:13:40 UTC 2015


Hi!

A customer sent me the attached patch.

2nd review appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 08505ebb004f570fc7d842884e49c1e22c7b1ff1 Mon Sep 17 00:00:00 2001
From: Wolfgang Ocker <weo at recco.de>
Date: Fri, 4 Dec 2015 11:05:30 +0100
Subject: [PATCH] ntlm_auth: Add --offline-logon

Reviewed-by: Volker Lendecke <vl at samba.org>
---
 docs-xml/manpages/ntlm_auth.1.xml |    6 ++++++
 source3/utils/ntlm_auth.c         |   11 ++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs-xml/manpages/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml
index 97477af..3dfcc03 100644
--- a/docs-xml/manpages/ntlm_auth.1.xml
+++ b/docs-xml/manpages/ntlm_auth.1.xml
@@ -381,6 +381,12 @@
 	</varlistentry>
 
 	<varlistentry>
+	<term>--offline-logon</term>
+	<listitem><para>Allow offline logons for plain text auth.
+	</para></listitem>
+	</varlistentry>
+
+	<varlistentry>
 	<term>--configfile=<configuration file></term>
 	<listitem><para>The file specified contains the
 	configuration details required by the server.  The
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index a5fd249..4878aa1 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -166,6 +166,7 @@ static DATA_BLOB opt_nt_response;
 static int request_lm_key;
 static int request_user_session_key;
 static int use_cached_creds;
+static int offline_logon;
 
 static const char *require_membership_of;
 static const char *require_membership_of_sid;
@@ -463,6 +464,10 @@ static bool check_plaintext_auth(const char *user, const char *pass,
 			sizeof(request.data.auth.require_membership_of_sid));
 	}
 
+	if (offline_logon) {
+		request.flags |= WBFLAG_PAM_CACHED_LOGIN;
+	}
+
 	result = winbindd_request_response(NULL, WINBINDD_PAM_AUTH, &request, &response);
 
 	/* Display response */
@@ -2713,7 +2718,8 @@ enum {
 	OPT_USE_CACHED_CREDS,
 	OPT_PAM_WINBIND_CONF,
 	OPT_TARGET_SERVICE,
-	OPT_TARGET_HOSTNAME
+	OPT_TARGET_HOSTNAME,
+	OPT_OFFLINE_LOGON
 };
 
  int main(int argc, const char **argv)
@@ -2750,6 +2756,9 @@ enum {
 		{ "request-lm-key", 0, POPT_ARG_NONE, &request_lm_key, OPT_LM_KEY, "Retrieve LM session key"},
 		{ "request-nt-key", 0, POPT_ARG_NONE, &request_user_session_key, OPT_USER_SESSION_KEY, "Retrieve User (NT) session key"},
 		{ "use-cached-creds", 0, POPT_ARG_NONE, &use_cached_creds, OPT_USE_CACHED_CREDS, "Use cached credentials if no password is given"},
+		{ "offline-logon", 0, POPT_ARG_NONE, &offline_logon,
+		  OPT_OFFLINE_LOGON,
+		  "Use cached passwords when DC is offline"},
 		{ "diagnostics", 0, POPT_ARG_NONE, &diagnostics,
 		  OPT_DIAGNOSTICS,
 		  "Perform diagnostics on the authentication chain"},
-- 
1.7.9.5



More information about the samba-technical mailing list