author | Simo Sorce <simo@redhat.com> | 2013-07-27 13:51:52 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-07-28 13:17:51 -0400 |
commit | e52754a84ad9320378d88e79be8d7ba139b30595 (patch) | |
tree | 99e1f4353ebc318c19408b0c11249b687f1d9f07 | |
parent | 976c19ccefe5053baee272de4ae136c0b4731c7c (diff) | |
Helper function to check lm compatibility level
Also stop associating it with the creds struct.
-rw-r--r-- | src/gss_creds.c | 12 | ||||
-rw-r--r-- | src/gss_ntlmssp.c | 13 | ||||
-rw-r--r-- | src/gss_ntlmssp.h | 4 | ||||
-rw-r--r-- | src/gss_sec_ctx.c | 9 |
4 files changed, 21 insertions, 17 deletions
diff --git a/src/gss_creds.c b/src/gss_creds.c
index 0372d72..b34b600 100644
--- a/src/gss_creds.c
+++ b/src/gss_creds.c
@@ -96,15 +96,7 @@ static int get_user_file_creds(struct gssntlm_name *name,
 ret = NTOWFv1(pwd, &cred->cred.user.nt_hash);
 if (ret) return ret;
- envvar = getenv("LM_COMPAT_LEVEL");
- if (envvar != NULL) {
- cred->lm_compatibility_level = atoi(envvar);
- } else {
- /* use the most secure setting by default */
- cred->lm_compatibility_level = SEC_LEVEL_MAX;
- }
-
- if (cred->lm_compatibility_level < 3) {
+ if (gssntlm_get_lm_compatibility_level() < 3) {
 cred->cred.user.lm_hash.length = 16;
 ret = LMOWFv1(pwd, &cred->cred.user.lm_hash);
 if (ret) return ret;
@@ -228,8 +220,6 @@ int gssntlm_copy_creds(struct gssntlm_cred *in, struct gssntlm_cred *out)
 }
 out->type = in->type;
- out->lm_compatibility_level = in->lm_compatibility_level;
-
 done:
 if (ret) {
 safefree(dom);
diff --git a/src/gss_ntlmssp.c b/src/gss_ntlmssp.c
index 10e9f70..36a623e 100644
--- a/src/gss_ntlmssp.c
+++ b/src/gss_ntlmssp.c
@@ -80,3 +80,16 @@ uint32_t gssntlm_context_is_valid(struct gssntlm_ctx *ctx, time_t *time_now)
 if (time_now) *time_now = now;
 return GSS_S_COMPLETE;
 }
+
+int gssntlm_get_lm_compatibility_level(void)
+{
+ const char *envvar;
+
+ envvar = getenv("LM_COMPAT_LEVEL");
+ if (envvar != NULL) {
+ return atoi(envvar);
+ }
+
+ /* use the most secure setting by default */
+ return SEC_LEVEL_MAX;
+}
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index 681db98..0701342 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -81,8 +81,6 @@ struct gssntlm_cred {
 int dummy;
 } server;
 } cred;
-
- int lm_compatibility_level;
 };
 struct gssntlm_signseal {
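Review bot: In the new `gssntlm_get_lm_compatibility_level()` (src/gss_ntlmssp.c, hunk at -80,3), `atoi(envvar)` returns 0 for an empty or non-numeric `LM_COMPAT_LEVEL`, so a malformed value silently selects the weakest level instead of the secure default. In `get_user_file_creds` (src/gss_creds.c) the `< 3` test then also derives the LM hash, and a negative value takes the same path. Parsing with `strtol`, requiring the whole string to be consumed and the value to lie in the supported range, and returning `SEC_LEVEL_MAX` otherwise keeps the failure mode on the secure side. The bounds below assume 0 is the lowest valid level and `SEC_LEVEL_MAX` the highest, which should be confirmed against the header. If this mechanism can be loaded into set-uid or otherwise privileged programs, `secure_getenv()` (where available) is worth considering so that an inherited environment cannot lower the level.

```c
int gssntlm_get_lm_compatibility_level(void)
{
    const char *envvar;
    char *end;
    long lvl;

    envvar = getenv("LM_COMPAT_LEVEL");
    if (envvar == NULL) {
        /* use the most secure setting by default */
        return SEC_LEVEL_MAX;
    }

    /* an empty, non-numeric or out-of-range value must not collapse to 0 */
    lvl = strtol(envvar, &end, 10);
    if (end == envvar || *end != '\0' || lvl < 0 || lvl > SEC_LEVEL_MAX) {
        return SEC_LEVEL_MAX;
    }

    return (int)lvl;
}
```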
@@ -138,6 +136,8 @@ uint8_t gssntlm_required_security(int security_level,
 uint32_t gssntlm_context_is_valid(struct gssntlm_ctx *ctx, time_t *time_now);
+int gssntlm_get_lm_compatibility_level(void);
+
 void gssntlm_int_release_cred(struct gssntlm_cred *cred);
 int gssntlm_copy_creds(struct gssntlm_cred *in, struct gssntlm_cred *out);
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 948c58d..5ee4964 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -58,6 +58,7 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 struct ntlm_buffer enc_sess_key = { 0 };
 struct ntlm_key encrypted_random_session_key = { .length = 16 };
 struct ntlm_key key_exchange_key = { .length = 16 };
+ int lm_compat_lvl;
 uint32_t tmpmin;
 uint32_t retmin = 0;
 uint32_t retmaj = 0;
@@ -162,8 +163,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 workstation = ctx->workstation;
 }
- sec_req = gssntlm_required_security(cred->lm_compatibility_level,
- ctx->role);
+ lm_compat_lvl = gssntlm_get_lm_compatibility_level();
+ sec_req = gssntlm_required_security(lm_compat_lvl, ctx->role);
 if (sec_req == 0xff) {
 retmaj = GSS_S_FAILURE;
 goto done;
@@ -237,8 +238,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 goto done;
 }
- sec_req = gssntlm_required_security(ctx->cred.lm_compatibility_level,
- ctx->role);
+ lm_compat_lvl = gssntlm_get_lm_compatibility_level();
+ sec_req = gssntlm_required_security(lm_compat_lvl, ctx->role);
 if (sec_req == 0xff) {
 retmaj = GSS_S_FAILURE;
 goto done; |
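Review bot: In src/gss_sec_ctx.c the two `gssntlm_required_security()` call sites in `gssntlm_init_sec_context` (hunks at -162,8 and -237,8) now each re-read the level from the environment, where it previously travelled with the credential. The two sites appear to serve different steps of one negotiation, so they can see different values if the process changes `LM_COMPAT_LEVEL` in between. That can also disagree with the `< 3` decision already taken in `get_user_file_creds` when the credential was acquired. If a stable level per negotiation is intended, read it once when the context is first set up and keep it in the context; otherwise a comment such as `/* re-read on purpose: the level is process-wide policy, not per-credential state */` at both sites would record the choice. The function body extends beyond both hunks, so how the two paths are reached is inferred from the visible lines only.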