author | Simo Sorce <simo@redhat.com> | 2014-08-05 21:31:49 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-08-07 12:44:46 -0400 |
commit | 121cd303f238d47ff6392c76fa4597794305e2e4 (patch) | |
tree | 8db5b9e1faa325093fe28c76a69076f0c175f528 | |
parent | c4b8b3218229d425ed81caf8ec652a84ed4c8457 (diff) | |
Fix NTLMv1 client auth
The wrong nt/lm response buffers were being used after the version-
specific processing. Always use the same buffers for both protocols
to avoid issues.
-rw-r--r-- | src/gss_auth.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/src/gss_auth.c b/src/gss_auth.c index f6faa0f..9874431 100644 --- a/src/gss_auth.c +++ b/src/gss_auth.c @@ -164,15 +164,21 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, } else { /* ### NTLMv1 ### */ uint8_t client_chal[8]; - uint8_t nt_resp_buf[24]; - uint8_t lm_resp_buf[24]; struct ntlm_buffer cli_chal = { client_chal, 8 }; - struct ntlm_buffer nt_response = { nt_resp_buf, 24 }; - struct ntlm_buffer lm_response = { lm_resp_buf, 24 }; struct ntlm_key session_base_key = { .length = 16 }; bool NoLMResponseNTLMv1 = true; /* FIXME: get from conf/env */ bool ext_sec; + nt_chal_resp.length = 24; + nt_chal_resp.data = calloc(1, nt_chal_resp.length); + lm_chal_resp.length = 24; + lm_chal_resp.data = calloc(1, lm_chal_resp.length); + if (!nt_chal_resp.data || !lm_chal_resp.data) { + retmin = ENOMEM; + retmaj = GSS_S_FAILURE; + goto done; + } + /* Random client challenge */ retmin = RAND_BUFFER(&cli_chal); if (retmin) { @@ -184,18 +190,18 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, retmin = ntlm_compute_nt_response(&cred->cred.user.nt_hash, ext_sec, ctx->server_chal, - client_chal, &nt_response); + client_chal, &nt_chal_resp); if (retmin) { retmaj = GSS_S_FAILURE; goto done; } if (!ext_sec && NoLMResponseNTLMv1) { - memcpy(lm_response.data, nt_response.data, 24); + memcpy(lm_chal_resp.data, nt_chal_resp.data, 24); } else { retmin = ntlm_compute_lm_response(&cred->cred.user.lm_hash, ext_sec, ctx->server_chal, - client_chal, &lm_response); + client_chal, &lm_chal_resp); if (retmin) { retmaj = GSS_S_FAILURE; goto done; @@ -213,7 +219,8 @@ uint32_t gssntlm_cli_auth(uint32_t *minor, (in_flags & NTLMSSP_NEGOTIATE_LM_KEY), (in_flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY), ctx->server_chal, &cred->cred.user.lm_hash, - &session_base_key, &lm_response, &key_exchange_key); + &session_base_key, &lm_chal_resp, + &key_exchange_key); if (retmin) { retmaj = GSS_S_FAILURE; goto done; |
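Review bot: On the allocation-failure path added after the two `calloc` calls, one of `nt_chal_resp.data` / `lm_chal_resp.data` may already be allocated when control jumps to `done`, and the same now applies to every later `goto done` in this branch because the buffers moved from the stack to the heap. The `done` label is outside the hunk, so it cannot be confirmed from here that both pointers are released on every exit, or that they are NULL when the NTLMv1 branch is entered. If that cleanup is not already present, `free(nt_chal_resp.data); free(lm_chal_resp.data);` belongs at `done`. A short comment above the allocations, such as `/* heap buffers shared with the NTLMv2 path; released at done */`, would record the ownership. gssntlm_cli_auth starts and ends outside the hunk.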
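Review bot: The copy in the `!ext_sec && NoLMResponseNTLMv1` branch still uses the literal 24, which now has to stay in step with the two `.length = 24` assignments made at allocation time in the previous hunk. Taking the size from the destination buffer keeps the copy bounded if either length is ever changed: `memcpy(lm_chal_resp.data, nt_chal_resp.data, lm_chal_resp.length);`. This presumes ntlm_compute_nt_response fills exactly `nt_chal_resp.length` bytes, which should be confirmed against its definition. The enclosing NTLMv1 branch begins before this hunk.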