author | Simo Sorce <simo@redhat.com> | 2014-08-06 11:32:30 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-08-07 12:44:47 -0400 |
commit | 54b51d7c10d1a28fce0819eb085ba93af67ecbd8 (patch) | |
tree | 037105726e7e54d4a8603cb5b3951d351be0d28f /src | |
parent | 6a052f305734d648103275157a64961d51aaabbe (diff) | |
Fix winbindd NTLMv1 Extended Security auth
In the ntlmv1 extended security case, winbindd wants a
pre-digested challenge, this is arguably a bug as Winbind has all
the data it needs to compute it by itself ... oh well, just cope.
Thanks to David Woodhouse for finding this out.
Diffstat (limited to 'src')
-rw-r--r-- | src/external.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/external.c b/src/external.c
index 02c54f1..da32570 100644
--- a/src/external.c
+++ b/src/external.c
@@ -51,9 +51,28 @@ uint32_t external_srv_auth(struct gssntlm_ctx *ctx,
 struct ntlm_key *session_base_key)
 {
 #if HAVE_WBCLIENT
+ uint8_t challenge[8];
+ uint8_t *chal_ptr;
+
+ /* NOTE: in the ntlmv1 extended security case, winbindd wants a
+ * pre-digested challenge, this is arguably a bug as it has all
+ * the data needed to compute it by itself ... just cope */
+ if (is_ntlm_v1(nt_chal_resp) &&
+ (ctx->neg_flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) ) {
+ int ret;
+
+ ret = ntlm_compute_ext_sec_challenge(ctx->server_chal,
+ lm_chal_resp->data,
+ challenge);
+ if (ret) return ret;
+ chal_ptr = challenge;
+ } else {
+ chal_ptr = ctx->server_chal;
+ }
+
 return winbind_srv_auth(cred->cred.external.user.data.user.name,
 cred->cred.external.user.data.user.domain,
- ctx->workstation, ctx->server_chal,
+ ctx->workstation, chal_ptr,
 nt_chal_resp, lm_chal_resp, session_base_key);
 #else
 return ENOSYS;
|
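Review bot: `lm_chal_resp->data` is passed to `ntlm_compute_ext_sec_challenge()` in the new NTLMv1 extended-security branch with no visible check that the LM response actually holds the 8-byte client challenge the helper presumably reads. The LM response is presumably taken from the peer's authenticate message, so unless its length is validated before `external_srv_auth` is called (not visible here), a short or absent response could lead to a read past the buffer or through a NULL pointer. A guard ahead of the call, such as `if (lm_chal_resp->data == NULL || lm_chal_resp->length < 8) return EINVAL;`, would make the branch safe on its own. The body of `external_srv_auth` starts above this hunk and continues past it, so an existing check elsewhere in the function cannot be ruled out.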