authorSimo Sorce <simo@redhat.com>2014-03-26 23:21:02 -0400
committerSimo Sorce <simo@redhat.com>2014-05-04 17:21:06 -0400
commit7599eeea0cc35942df0d7be1749664d357139a1a (patch)
tree8a8279f9426d28a0b691cf0503b12bed38c4df0d
parent6730808cacf0dfbafcd133c4d4032db6b619a324 (diff)
Augment target_info processing with a utility
This re-encodes the target_info structure on the client side, adding the additional provisions of MS-NLMP 3.1.5.2.1, that is: - generate an indication that a MIC is requested by the server - add the ClientSuppliedTargetName data
-rw-r--r--src/ntlm.c68
-rw-r--r--src/ntlm.h23
2 files changed, 91 insertions, 0 deletions
diff --git a/src/ntlm.c b/src/ntlm.c
index ca4a415..9cb3814 100644
--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -842,6 +842,74 @@ done:
return ret;
}
+int ntlm_process_target_info(struct ntlm_ctx *ctx,
+ struct ntlm_buffer *in,
+ const char *server,
+ struct ntlm_buffer *out,
+ uint64_t *out_srv_time,
+ bool *add_mic)
+{
+ char *nb_computer_name = NULL;
+ char *nb_domain_name = NULL;
+ char *dns_computer_name = NULL;
+ char *dns_domain_name = NULL;
+ char *dns_tree_name = NULL;
+ char *av_target_name = NULL;
+ uint32_t av_flags = 0;
+ uint64_t srv_time = 0;
+ int ret = 0;
+
+ /* TODO: check that returned netbios/dns names match ? */
+ /* TODO: support SingleHost buffers */
+ ret = ntlm_decode_target_info(ctx, in,
+ &nb_computer_name, &nb_domain_name,
+ &dns_computer_name, &dns_domain_name,
+ &dns_tree_name, &av_target_name,
+ &av_flags, &srv_time, NULL, NULL);
+ if (ret) goto done;
+
+ if (server && av_target_name) {
+ if (strcasecmp(server, av_target_name) != 0) {
+ ret = EINVAL;
+ goto done;
+ }
+ }
+
+ /* the server did not send the timestamp, use current time */
+ if (srv_time == 0) {
+ srv_time = ntlm_timestamp_now();
+ } else {
+ av_flags |= MSVAVFLAGS_MIC_PRESENT;
+ *add_mic = true;
+ }
+
+ if (!av_target_name && server) {
+ av_target_name = strdup(server);
+ if (!av_target_name) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ /* TODO: add way to tell if the target name is verified o not,
+ * if not set av_flags |= MSVAVFLAGS_UNVERIFIED_SPN; */
+
+ ret = ntlm_encode_target_info(ctx,
+ nb_computer_name, nb_domain_name,
+ dns_computer_name, dns_domain_name,
+ dns_tree_name, &av_flags, &srv_time,
+ NULL, av_target_name, NULL, out);
+
+done:
+ safefree(nb_computer_name);
+ safefree(nb_domain_name);
+ safefree(dns_computer_name);
+ safefree(dns_domain_name);
+ safefree(dns_tree_name);
+ safefree(av_target_name);
+ *out_srv_time = srv_time;
+ return ret;
+}
+
int ntlm_decode_msg_type(struct ntlm_ctx *ctx,
struct ntlm_buffer *buffer,
uint32_t *type)
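Review bot: `*add_mic` is only assigned on the branch taken when the server supplied a timestamp (the `else` of the `srv_time == 0` test), so a caller that does not pre-initialize it reads an indeterminate value whenever no MsvAvTimestamp was sent, and the header's "whether the caller should generate a MIC" contract is not met; set it explicitly before the decode call, `*add_mic = false;`. The target-name check compares the peer-supplied `av_target_name` against `server` with `strcasecmp`, which is a byte-wise, locale-dependent comparison rather than a Unicode case fold; that is presumably fine for ASCII SPNs but deserves a comment such as `/* byte-wise ASCII case-insensitive compare; SPNs are expected to be ASCII */` so the assumption is visible. Note also that `out` is not written on the early error paths (decode failure, name mismatch, ENOMEM), so callers must check the return before reading it.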
diff --git a/src/ntlm.h b/src/ntlm.h
index 2275d62..a771123 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -75,6 +75,10 @@
#define CHALLENGE_MESSAGE 0x00000002
#define AUTHENTICATE_MESSAGE 0x00000003
+#define MSVAVFLAGS_AUTH_CONSTRAINED 0x01
+#define MSVAVFLAGS_MIC_PRESENT 0x02
+#define MSVAVFLAGS_UNVERIFIED_SPN 0x04
+
struct ntlm_ctx;
@@ -470,6 +474,25 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
struct ntlm_buffer *av_cb);
/**
+ * @brief A utility function to process a target_info structure
+ *
+ * @param ctx The ntlm context
+ * @param in A ntlm_buffer containing the received info
+ * @param server The Client Supplied Server Name if available
+ * @param out The processed target_info buffer
+ * @param out_srv_time A 64 bit FILETIME timestamp
+ * @param add_mic Whether the caller should generate a MIC
+ *
+ * @return 0 if everyting parses correctly, or an error code
+ */
+int ntlm_process_target_info(struct ntlm_ctx *ctx,
+ struct ntlm_buffer *in,
+ const char *server,
+ struct ntlm_buffer *out,
+ uint64_t *out_srv_time,
+ bool *add_mic);
+
+/**
* @brief Verifies the message signature is valid and the message
* in sequence with the expected state
*
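Review bot: The new doc block does not state that `add_mic` is only written when the received target_info carried a server timestamp, nor that `out` is left untouched on the early error paths; suggest expanding `@param add_mic` to `Set to true when the server sent a timestamp and a MIC must be generated; not written otherwise, so callers should initialize it` and `@param out` to `The processed target_info buffer, only valid when 0 is returned`. The `@return` line has a typo, `everyting` for `everything`. Who owns and frees the memory behind `out` is not visible in this hunk; once confirmed, that belongs in the comment as well.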