Index: source/python/py_winbind.c
===================================================================
--- source/python/py_winbind.c (revision 6781)
+++ source/python/py_winbind.c (working copy)
@@ -455,6 +455,59 @@
 return PyInt_FromLong(response.data.auth.nt_status);
 }
+
+/* Challenge/response authentication using hashes instead of password */
+
+static PyObject *py_auth_crap_hash(PyObject *self, PyObject *args, PyObject *kw)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ char *username, *domain, *challenge, *lm_hash, *nt_hash;
+ int chal_len, lm_len, nt_len;
+
+ if (!PyArg_ParseTuple(
+ args, "szs#z#z#", &username, &domain, &challenge,
+ &chal_len, &lm_hash, &lm_len, &nt_hash, &nt_len))
+ return NULL;
+
+ /* there needs to be at least one hash */
+ if (lm_hash == NULL && nt_hash == NULL) {
+ PyErr_SetString(winbind_error, "no hash specified");
+ return NULL;
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ fstrcpy(request.data.auth_crap.user, username);
+
+ if (domain) {
+ fstrcpy(request.data.auth_crap.domain, domain);
+ }
+
+ memcpy(request.data.auth_crap.chal, challenge, MIN(8, chal_len));
+
+ if (lm_hash) {
+ memcpy(request.data.auth_crap.lm_resp, lm_hash,
+ MIN(24, lm_len));
+ request.data.auth_crap.lm_resp_len = 24;
+ }
+
+ if (nt_hash) {
+ memcpy(request.data.auth_crap.nt_resp, nt_hash,
+ MIN(24, nt_len));
+ request.data.auth_crap.nt_resp_len = 24;
+ }
+
+ if (winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response)
+ != NSS_STATUS_SUCCESS) {
+ PyErr_SetString(winbind_error, "lookup failed");
+ return NULL;
+ }
+
+ return PyInt_FromLong(response.data.auth.nt_status);
+}
+
 #if 0 /* Include when auth_smbd merged to HEAD */
 /* Challenge/response authentication, with secret */
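Review bot: The `memcpy` calls in py_auth_crap_hash clamp with `MIN(8, chal_len)`, `MIN(24, lm_len)` and `MIN(24, nt_len)`, but `lm_resp_len` and `nt_resp_len` are then set to 24 unconditionally, so a short challenge or response is sent zero-padded and a long one truncated, with no error to the caller. An authentication entry point should reject malformed input rather than submit altered material; before `ZERO_STRUCT(request)` I would add `if (chal_len != 8 || (lm_hash && lm_len != 24) || (nt_hash && nt_len != 24))` and fail with `PyErr_SetString(winbind_error, "bad challenge or response length")`. If responses longer than 24 bytes are meant to be accepted, the bound should instead come from `sizeof(request.data.auth_crap.nt_resp)` and the `_len` field should carry the copied length; the field sizes are not visible in this hunk. The header comment and the `lm_hash`/`nt_hash` names call the values hashes although they are copied into `lm_resp`/`nt_resp`, so they appear to be responses, and `/* Challenge/response authentication using precomputed LM/NT responses */` would be less misleading.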
@@ -712,6 +765,12 @@
 "Authenticate a username and password using the challenge/response\n"
 "protocol. The NT status code is returned with zero indicating\n"
 "success." },
+ { "auth_crap_hash", (PyCFunction)py_auth_crap_hash, METH_VARARGS,
+ "auth_crap_hash(s, s, s, s, s) -> int\n"
+"\n"
+"Authenticate a username, challenge and response hashes using the\n"
+"challenge/response protocol. The NT status code is returned with\n"
+"zero indicating success.\n" },
 #if 0 /* Include when smbd_auth merged to HEAD */
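Review bot: The docstring `auth_crap_hash(s, s, s, s, s) -> int` does not tell the caller which arguments may be None or how long the binary ones must be, although py_auth_crap_hash parses them as `szs#z#z#` and copies at most 8 challenge bytes and 24 bytes per response. I would name the arguments, `auth_crap_hash(username, domain, challenge, lm_resp, nt_resp) -> int`, and add a sentence saying that domain and either response may be None, that at least one response is required, and that the challenge is 8 bytes and each response 24. The entry is registered with `METH_VARARGS` while the function is declared with a third `kw` parameter it never reads; dropping that parameter would make the signature match the flag.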