authorSimo Sorce <simo@redhat.com>2014-04-05 16:24:52 -0400
committerSimo Sorce <simo@redhat.com>2014-05-04 17:21:06 -0400
commitbc52b7a308c90cfdd8dfcd8dab09c67bcd578de2 (patch)
tree44135cbd9e24b983c7ff2f2993b00160179ff2a6
parent2fef5bb26b1141f0f42bb5cb488c0eaa06a76d78 (diff)
Add support for setting CBT in the client
-rw-r--r--src/gss_sec_ctx.c18
-rw-r--r--src/ntlm.c10
-rw-r--r--src/ntlm.h2
3 files changed, 28 insertions, 2 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 9c4a1a0..d659900 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -51,6 +51,7 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
struct ntlm_buffer target_info = { 0 };
struct ntlm_buffer client_target_info = { 0 };
const char *server_name = NULL;
+ struct ntlm_buffer cb = { 0 };
uint64_t srv_time = 0;
struct ntlm_buffer nt_chal_resp = { 0 };
struct ntlm_buffer lm_chal_resp = { 0 };
@@ -396,9 +397,24 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
}
if (target_info.length > 0) {
+
+ if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
+ if (input_chan_bindings->initiator_addrtype != 0 ||
+ input_chan_bindings->initiator_address.length != 0 ||
+ input_chan_bindings->acceptor_addrtype != 0 ||
+ input_chan_bindings->acceptor_address.length != 0 ||
+ input_chan_bindings->application_data.length == 0) {
+ retmin = EINVAL;
+ retmaj = GSS_S_BAD_BINDINGS;
+ goto done;
+ }
+ cb.length = input_chan_bindings->application_data.length;
+ cb.data = input_chan_bindings->application_data.value;
+ }
+
retmin = ntlm_process_target_info(ctx->ntlm,
&target_info,
- server_name,
+ server_name, &cb,
&client_target_info,
&srv_time,
protect ? &add_mic: NULL);
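Review bot: The channel-binding validation sits inside `if (target_info.length > 0)`, so when the server's challenge carries no target info the caller's bindings are neither validated nor sent, and as far as this hunk shows the call still proceeds. A caller that passed bindings to tie the authentication to its outer channel gets no signal that the binding was dropped, which weakens the relay protection CBT is meant to provide. Consider moving the `input_chan_bindings` checks ahead of the `target_info.length` test so malformed bindings always return `GSS_S_BAD_BINDINGS`, and either failing or documenting the fallback with a comment such as `/* bindings can only be sent when the server supplied target info */`. The rest of gssntlm_init_sec_context lies outside the hunk, so this case may already be handled elsewhere.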
diff --git a/src/ntlm.c b/src/ntlm.c
index 2a311c6..a9ab4fb 100644
--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -799,6 +799,7 @@ done:
int ntlm_process_target_info(struct ntlm_ctx *ctx,
struct ntlm_buffer *in,
const char *server,
+ struct ntlm_buffer *unhashed_cb,
struct ntlm_buffer *out,
uint64_t *out_srv_time,
bool *add_mic)
@@ -811,6 +812,8 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx,
char *av_target_name = NULL;
uint32_t av_flags = 0;
uint64_t srv_time = 0;
+ uint8_t cb[16] = { 0 };
+ struct ntlm_buffer av_cb = { cb, 16 };
int ret = 0;
/* TODO: check that returned netbios/dns names match ? */
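Review bot: The digest size 16 is written twice as a bare literal, in `uint8_t cb[16]` and in `{ cb, 16 }`; tie the length to the array with `struct ntlm_buffer av_cb = { cb, sizeof(cb) };` so the two cannot drift apart. Because `&av_cb` is handed to ntlm_encode_target_info in the later hunk of this file even when no bindings were supplied, a comment such as `/* stays all-zero when the caller gave no channel bindings */` would make that intent explicit. Whether ntlm_hash_channel_bindings checks the output buffer length before writing is not visible in this commit.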
@@ -837,6 +840,11 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx,
*add_mic = true;
}
+ if (unhashed_cb->length > 0) {
+ ret = ntlm_hash_channel_bindings(unhashed_cb, &av_cb);
+ if (ret) goto done;
+ }
+
if (!av_target_name && server) {
av_target_name = strdup(server);
if (!av_target_name) {
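Review bot: `unhashed_cb->length` is read without a NULL check, and the `@param unhashed_cb` line added in src/ntlm.h does not say the pointer is required, whereas `add_mic` is documented there as nullable. The only caller visible in this commit passes `&cb`, but any other caller that passes NULL to mean "no bindings" would dereference a null pointer here. Either guard it with `if (unhashed_cb && unhashed_cb->length > 0) {` or state in the header comment that the pointer must not be NULL and that a zero length means no bindings. The function body continues outside the hunk.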
@@ -851,7 +859,7 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx,
nb_computer_name, nb_domain_name,
dns_computer_name, dns_domain_name,
dns_tree_name, &av_flags, &srv_time,
- NULL, av_target_name, NULL, out);
+ NULL, av_target_name, &av_cb, out);
done:
safefree(nb_computer_name);
diff --git a/src/ntlm.h b/src/ntlm.h
index 7c2f70c..b7c6960 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -538,6 +538,7 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
* @param ctx The ntlm context
* @param in A ntlm_buffer containing the received info
* @param server The Client Supplied Server Name if available
+ * @param unhashed_cb A ntlm_buffer with channel binding data
* @param out The processed target_info buffer
* @param out_srv_time A 64 bit FILETIME timestamp
* @param add_mic A pointer to a boolean. If NULL MIC flags will
@@ -549,6 +550,7 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
int ntlm_process_target_info(struct ntlm_ctx *ctx,
struct ntlm_buffer *in,
const char *server,
+ struct ntlm_buffer *unhashed_cb,
struct ntlm_buffer *out,
uint64_t *out_srv_time,
bool *add_mic);