authorSimo Sorce <simo@redhat.com>2014-08-08 15:44:37 -0400
committerSimo Sorce <simo@redhat.com>2014-08-10 14:29:37 -0400
commit5795f577aeb3a39f51bda9a3840a441ca2237307 (patch)
treec8d90cc4cd018bc0853b87277057670d07c12588
parent5ba42f1a481a691b55a41125cfffdda3afc5f156 (diff)
Offer OEM charset support in the negotiate packet
But make sure to clear out flags once we receive the challenge packet, or we end up with both (OEM and UNICODE) flags set when we generate the AUTH packet. Special care needs to be taken for DATAGRAM packets, as they are special.
-rw-r--r--src/gss_ntlmssp.h1
-rw-r--r--src/gss_sec_ctx.c26
2 files changed, 26 insertions, 1 deletions
diff --git a/src/gss_ntlmssp.h b/src/gss_ntlmssp.h
index 5777968..8bd16ef 100644
--- a/src/gss_ntlmssp.h
+++ b/src/gss_ntlmssp.h
@@ -41,6 +41,7 @@
NTLMSSP_NEGOTIATE_56 | \
NTLMSSP_NEGOTIATE_NTLM | \
NTLMSSP_REQUEST_TARGET | \
+ NTLMSSP_NEGOTIATE_OEM | \
NTLMSSP_NEGOTIATE_UNICODE)
#define NTLMSSP_DEFAULT_SERVER_FLAGS ( \
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 9f1e989..75f6b43 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -217,7 +217,7 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
goto done;
}
- /* only in connecionless mode we may receive an input buffer
+ /* only in connectionless mode we may receive an input buffer
* on the the first call, if DATAGRAM is not selected and
* we have a buffer here, somethings wrong */
if (ctx->neg_flags & NTLMSSP_NEGOTIATE_DATAGRAM) {
@@ -368,10 +368,34 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
retmaj = GSS_S_FAILURE;
goto done;
}
+ if ((in_flags & NTLMSSP_NEGOTIATE_OEM) &&
+ (in_flags & NTLMSSP_NEGOTIATE_UNICODE)) {
+ /* prefer Unicode */
+ in_flags &= ~NTLMSSP_NEGOTIATE_OEM;
+ }
} else {
in_flags &= ~NTLMSSP_NEGOTIATE_DATAGRAM;
+
+ if ((in_flags & NTLMSSP_NEGOTIATE_OEM) &&
+ (in_flags & NTLMSSP_NEGOTIATE_UNICODE)) {
+ /* server sent both?? This is broken, proceed only if there
+ * are no strings set in the challenge packet and downgrade
+ * to OEM charset hoping the server will cope */
+ if (in_flags & (NTLMSSP_NEGOTIATE_TARGET_INFO |
+ NTLMSSP_TARGET_TYPE_SERVER |
+ NTLMSSP_TARGET_TYPE_DOMAIN)) {
+ retmaj = GSS_S_FAILURE;
+ goto done;
+ } else {
+ in_flags &= ~NTLMSSP_NEGOTIATE_UNICODE;
+ }
+ }
}
+ /* Now that everything has been checked clear non
+ * negotiated flags */
+ ctx->neg_flags &= in_flags;
+
retmaj = gssntlm_cli_auth(&retmin, ctx, cred, &target_info,
in_flags, input_chan_bindings);
if (retmaj) goto done;
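Review bot: At `ctx->neg_flags &= in_flags;` the context keeps only what the challenge echoed back, and neither branch above it fails when the challenge carries neither NTLMSSP_NEGOTIATE_OEM nor NTLMSSP_NEGOTIATE_UNICODE, so the AUTH message could be built with no charset negotiated. Whether gssntlm_cli_auth rejects that state is not visible here; if it does not, a guard ahead of the intersection would close it: `if (!(in_flags & (NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_UNICODE))) { retmaj = GSS_S_FAILURE; goto done; }`. The same intersection also lets the peer drop any other flag the client offered, so it is the natural place to verify that the integrity and confidentiality flags the caller required are still set and to fail otherwise, rather than continue with a silently weakened context. gssntlm_init_sec_context starts and ends outside the hunk.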