diff options
| author | Simo Sorce <simo@redhat.com> | 2014-03-26 23:46:04 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2014-05-04 17:21:06 -0400 |
| commit | 21307dc11da9a5cf75167e125aae5c8afa9d6e9d (patch) | |
| tree | 72aab629c53df5d1a86fb5a2801b358b93f20eb5 | |
| parent | 6c31661097c7aac2729ed2a5a6e3a8856b5ae15c (diff) | |
| download | gss-ntlmssp-21307dc11da9a5cf75167e125aae5c8afa9d6e9d.tar.gz gss-ntlmssp-21307dc11da9a5cf75167e125aae5c8afa9d6e9d.tar.xz gss-ntlmssp-21307dc11da9a5cf75167e125aae5c8afa9d6e9d.zip | |
Compute MIC in the client when requested
| -rw-r--r-- | src/gss_sec_ctx.c | 23 | ||||
| -rw-r--r-- | src/ntlm.c | 5 |
2 files changed, 24 insertions, 4 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index df02530..92dd981 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -57,6 +57,9 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, struct ntlm_buffer enc_sess_key = { 0 }; struct ntlm_key encrypted_random_session_key = { .length = 16 }; struct ntlm_key key_exchange_key = { .length = 16 }; + struct ntlm_buffer auth_mic = { NULL, 16 }; + uint8_t micbuf[16]; + struct ntlm_buffer mic = { micbuf, 16 }; int lm_compat_lvl; uint32_t tmpmin; uint32_t retmin = 0; @@ -562,8 +565,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, } } - /* TODO: Compute MIC if necessary */ - /* in_flags all verified, assign as current flags */ ctx->neg_flags |= in_flags; @@ -581,13 +582,29 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status, &lm_chal_resp, &nt_chal_resp, cred->cred.user.user.data.user.domain, cred->cred.user.user.data.user.name, - ctx->workstation, &enc_sess_key, NULL, + ctx->workstation, &enc_sess_key, + add_mic ? &auth_mic : NULL, &ctx->auth_msg); if (retmin) { retmaj = GSS_S_FAILURE; goto done; } + /* Now we need to calculate the MIC, because the MIC is part of the + * message it protects, ntlm_encode_auth_msg() always add a zeroeth + * buffer, however it returns in data_mic the pointer to the actual + * area in the auth_msg that points at the mic, so we can backfill */ + if (add_mic) { + retmin = ntlm_mic(&ctx->exported_session_key, &ctx->nego_msg, + &ctx->chal_msg, &ctx->auth_msg, &mic); + if (retmin) { + retmaj = GSS_S_FAILURE; + goto done; + } + /* now that we have the mic, copy it into the auth message */ + memcpy(auth_mic.data, mic.data, 16); + } + ctx->stage = NTLMSSP_STAGE_DONE; output_token->value = malloc(ctx->auth_msg.length); @@ -1231,7 +1231,10 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx, /* this must be second as it pushes the payload further down */ if (mic) { - memcpy(&buffer.data[data_offs], mic->data, mic->length); + memset(&buffer.data[data_offs], 0, mic->length); + /* return the actual pointer back in the mic, as it will + * be backfilled later by the caller */ + mic->data = &buffer.data[data_offs]; data_offs += mic->length; } |