[PATCH] ntlm_auth: Add --offline-logon
Jeremy Allison
jra at samba.org
Fri Dec 4 18:14:50 UTC 2015
On Fri, Dec 04, 2015 at 11:13:40AM +0100, Volker Lendecke wrote:
> Hi!
>
> A customer sent me the attached patch.
>
> 2nd review appreciated!
LGTM.
Reviewed-by: Jeremy Allison <jra at samba.org>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
> From 08505ebb004f570fc7d842884e49c1e22c7b1ff1 Mon Sep 17 00:00:00 2001
> From: Wolfgang Ocker <weo at recco.de>
> Date: Fri, 4 Dec 2015 11:05:30 +0100
> Subject: [PATCH] ntlm_auth: Add --offline-logon
>
> Reviewed-by: Volker Lendecke <vl at samba.org>
> ---
> docs-xml/manpages/ntlm_auth.1.xml | 6 ++++++
> source3/utils/ntlm_auth.c | 11 ++++++++++-
> 2 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/docs-xml/manpages/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml
> index 97477af..3dfcc03 100644
> --- a/docs-xml/manpages/ntlm_auth.1.xml
> +++ b/docs-xml/manpages/ntlm_auth.1.xml
> @@ -381,6 +381,12 @@
> </varlistentry>
>
> <varlistentry>
> + <term>--offline-logon</term>
> + <listitem><para>Allow offline logons for plain text auth.
> + </para></listitem>
> + </varlistentry>
> +
> + <varlistentry>
> <term>--configfile=<configuration file></term>
> <listitem><para>The file specified contains the
> configuration details required by the server. The
> diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
> index a5fd249..4878aa1 100644
> --- a/source3/utils/ntlm_auth.c
> +++ b/source3/utils/ntlm_auth.c
> @@ -166,6 +166,7 @@ static DATA_BLOB opt_nt_response;
> static int request_lm_key;
> static int request_user_session_key;
> static int use_cached_creds;
> +static int offline_logon;
>
> static const char *require_membership_of;
> static const char *require_membership_of_sid;
> @@ -463,6 +464,10 @@ static bool check_plaintext_auth(const char *user, const char *pass,
> sizeof(request.data.auth.require_membership_of_sid));
> }
>
> + if (offline_logon) {
> + request.flags |= WBFLAG_PAM_CACHED_LOGIN;
> + }
> +
> result = winbindd_request_response(NULL, WINBINDD_PAM_AUTH, &request, &response);
>
> /* Display response */
> @@ -2713,7 +2718,8 @@ enum {
> OPT_USE_CACHED_CREDS,
> OPT_PAM_WINBIND_CONF,
> OPT_TARGET_SERVICE,
> - OPT_TARGET_HOSTNAME
> + OPT_TARGET_HOSTNAME,
> + OPT_OFFLINE_LOGON
> };
>
> int main(int argc, const char **argv)
> @@ -2750,6 +2756,9 @@ enum {
> { "request-lm-key", 0, POPT_ARG_NONE, &request_lm_key, OPT_LM_KEY, "Retrieve LM session key"},
> { "request-nt-key", 0, POPT_ARG_NONE, &request_user_session_key, OPT_USER_SESSION_KEY, "Retrieve User (NT) session key"},
> { "use-cached-creds", 0, POPT_ARG_NONE, &use_cached_creds, OPT_USE_CACHED_CREDS, "Use cached credentials if no password is given"},
> + { "offline-logon", 0, POPT_ARG_NONE, &offline_logon,
> + OPT_OFFLINE_LOGON,
> + "Use cached passwords when DC is offline"},
> { "diagnostics", 0, POPT_ARG_NONE, &diagnostics,
> OPT_DIAGNOSTICS,
> "Perform diagnostics on the authentication chain"},
> --
> 1.7.9.5
>
More information about the samba-technical
mailing list