authorSimo Sorce <simo@redhat.com>2014-03-26 23:31:45 -0400
committerSimo Sorce <simo@redhat.com>2014-05-04 17:21:06 -0400
commitae3dda499ad8bd9f30d2506434dd3f8c4e72ba24 (patch)
treeaad52385766a1c702526cb851c6ffe33fe7d3108
parentbc52b7a308c90cfdd8dfcd8dab09c67bcd578de2 (diff)
Verify Channel Bindings in accept_sec_context
-rw-r--r--src/gss_sec_ctx.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index d659900..800d37e 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -766,6 +766,8 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
uint32_t in_flags;
uint32_t msg_type;
uint32_t av_flags = 0;
+ struct ntlm_buffer unhashed_cb = { 0 };
+ struct ntlm_buffer av_cb = { 0 };
uint8_t sec_req;
char *p;
@@ -1028,7 +1030,7 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
retmin = ntlm_decode_target_info(ctx->ntlm, &target_info,
NULL, NULL, NULL, NULL,
NULL, NULL, &av_flags,
- NULL, NULL, NULL);
+ NULL, NULL, &av_cb);
if (retmin) {
retmaj = GSS_S_FAILURE;
goto done;
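Review bot: Ownership of `av_cb` after this call is neither documented nor handled: the diffstat lists no other change to this file, so nothing releases `av_cb.data` on the `done:` path. If `ntlm_decode_target_info` returns an allocated copy (its body is not in this diff), each call that reaches this branch would leak that buffer, and a release such as `free(av_cb.data);` belongs in the cleanup under `done:`. If it instead points into `target_info`, a comment like `/* av_cb aliases target_info; do not free, do not use after target_info is released */` next to the declaration would guard against a later use-after-free. The enclosing function starts and ends outside the hunk.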
@@ -1202,6 +1204,27 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
}
}
+ if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
+ if (input_chan_bindings->initiator_addrtype != 0 ||
+ input_chan_bindings->initiator_address.length != 0 ||
+ input_chan_bindings->acceptor_addrtype != 0 ||
+ input_chan_bindings->acceptor_address.length != 0 ||
+ input_chan_bindings->application_data.length == 0) {
+ retmin = EINVAL;
+ retmaj = GSS_S_BAD_BINDINGS;
+ goto done;
+ }
+ unhashed_cb.length = input_chan_bindings->application_data.length;
+ unhashed_cb.data = input_chan_bindings->application_data.value;
+
+ /* TODO: optionally allow to ignore CBT if av_cb is null ? */
+ retmin = ntlm_verify_channel_bindings(&unhashed_cb, &av_cb);
+ if (retmin) {
+ retmaj = GSS_S_DEFECTIVE_TOKEN;
+ goto done;
+ }
+ }
+
if (ctx->neg_flags & (NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL)) {
retmin = ntlm_signseal_keys(ctx->neg_flags, false,
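Review bot: The binding check fails closed only if `ntlm_verify_channel_bindings` rejects an empty `av_cb`, and nothing in the new block says so. `av_cb` is filled solely by the `ntlm_decode_target_info` call changed earlier in this diff, which appears to sit in a branch not shown here, so on any path that skips it the buffer is still `{ 0 }` when it reaches the verifier. Since the acceptor explicitly supplied bindings, I would make the rejection explicit before the call, `if (av_cb.length == 0) { retmin = EINVAL; retmaj = GSS_S_BAD_BINDINGS; goto done; }`, and replace the TODO with a comment stating that a missing client CBT is treated as a failure. A mismatch would also be better reported as `retmaj = GSS_S_BAD_BINDINGS;` than as `GSS_S_DEFECTIVE_TOKEN`, so callers can log a binding failure (a useful relay indicator) separately from a malformed token. The enclosing function continues outside the hunk.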