author | Simo Sorce <simo@redhat.com> | 2014-04-06 22:44:51 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-05-04 17:21:06 -0400 |
commit | 8647a0c4c78e0816629b76ce004e3c82a0cd7a85 (patch) | |
tree | 62c8591c0cbaa4e0004b5d737703daef4e9fa55b /src/ntlm.c | |
parent | 6b3900fae26a05824cbe874f79ec649f3b7a14f1 (diff) | |
Do not send LM Response on auth to modern servers
If a server sends a target_info field in a challenge message it means
it neither needs nor wants an LM Response.
See also MS-NLMP 3.1.5.1.2
The authenticate message must always send the lm_chalresp and nt_chalresp
fields in the header, but they will simply be zero length, yet the payload
pointer must point to the valid payload area. (Windows servers fail
authentication if the LM Response buffer offset is zero).
Diffstat (limited to 'src/ntlm.c')
-rw-r--r-- | src/ntlm.c | 23 |
1 files changed, 13 insertions, 10 deletions
@@ -1127,6 +1127,7 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx, { struct wire_auth_msg *msg; struct ntlm_buffer buffer; + struct ntlm_buffer empty_chalresp = { 0 }; size_t data_offs; size_t domain_name_len = 0; size_t user_name_len = 0; @@ -1139,9 +1140,13 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx, if (lm_chalresp) { buffer.length += lm_chalresp->length; + } else { + lm_chalresp = &empty_chalresp; } if (nt_chalresp) { buffer.length += nt_chalresp->length; + } else { + nt_chalresp = &empty_chalresp; } if (domain_name) { domain_name_len = strlen(domain_name); @@ -1197,16 +1202,14 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx, data_offs += mic->length; } - if (lm_chalresp) { - ret = ntlm_encode_field(&msg->lm_chalresp, &buffer, - &data_offs, lm_chalresp); - if (ret) goto done; - } - if (nt_chalresp) { - ret = ntlm_encode_field(&msg->nt_chalresp, &buffer, - &data_offs, nt_chalresp); - if (ret) goto done; - } + ret = ntlm_encode_field(&msg->lm_chalresp, &buffer, + &data_offs, lm_chalresp); + if (ret) goto done; + + ret = ntlm_encode_field(&msg->nt_chalresp, &buffer, + &data_offs, nt_chalresp); + if (ret) goto done; + if (domain_name_len) { if (flags & NTLMSSP_NEGOTIATE_UNICODE) { ret = ntlm_encode_ucs2_str_hdr(ctx, &msg->domain_name, |
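Review bot: `empty_chalresp` in the first hunk is initialised with `{ 0 }`, so its data pointer is NULL as well as its length being zero, and the third hunk now hands it to `ntlm_encode_field()` unconditionally. That function is not visible in this diff; if it copies the payload with `memcpy()` from the buffer's data pointer, a NULL source is undefined behaviour even for a zero-length copy, and sanitizer builds would flag it on every authenticate message without an LM response. Either make `ntlm_encode_field()` skip the copy when the length is zero, or point the empty buffer at a real byte, for example `uint8_t nodata = 0; struct ntlm_buffer empty_chalresp = { .data = &nodata, .length = 0 };` (assuming the member is named `data`). The body of `ntlm_encode_auth_msg` starts and ends outside these hunks.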
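Review bot: Nothing in the second hunk says why a NULL `lm_chalresp` or `nt_chalresp` is replaced by an empty buffer rather than skipped; the reason is recorded only in the commit message, so a later cleanup could easily restore the conditional encoding. Add a comment above the first new `else` branch, for example `/* encode a zero-length field instead of omitting it: the header offset must still point into the payload, Windows servers fail authentication when the LM Response offset is zero */`. The function's header comment should also state that passing NULL for either argument now produces an empty response field. The decision to withhold the LM response is made by the caller, which is outside this diff, so that contract is worth writing down where the encoder is declared.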