authorSimo Sorce <simo@redhat.com>2014-04-06 22:44:51 -0400
committerSimo Sorce <simo@redhat.com>2014-05-04 17:21:06 -0400
commit8647a0c4c78e0816629b76ce004e3c82a0cd7a85 (patch)
tree62c8591c0cbaa4e0004b5d737703daef4e9fa55b /src
parent6b3900fae26a05824cbe874f79ec649f3b7a14f1 (diff)
Do not send LM Response on auth to modern servers
If a server sends a target_info field in a challenge message, it means it does not need nor want an LM Response. See also MS-NLMP 3.1.5.1.2. The authenticate message must always carry the lm_chalresp and nt_chalresp fields in the header, but they will simply be zero length; yet the payload pointer must point to the valid payload area. (Windows servers fail authentication if the LM Response buffer offset is zero.)
Diffstat (limited to 'src')
-rw-r--r--src/gss_sec_ctx.c17
-rw-r--r--src/ntlm.c23
2 files changed, 23 insertions, 17 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index eeb9787..7bf87f5 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -445,13 +445,16 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
goto done;
}
- /* LMv2 Response */
- retmin = ntlmv2_compute_lm_response(&ntlmv2_key,
- server_chal, client_chal,
- &lm_chal_resp);
- if (retmin) {
- retmaj = GSS_S_FAILURE;
- goto done;
+ if (target_info.length == 0) {
+ /* LMv2 Response
+ * (only sent if challenge response has not target_info*/
+ retmin = ntlmv2_compute_lm_response(&ntlmv2_key,
+ server_chal, client_chal,
+ &lm_chal_resp);
+ if (retmin) {
+ retmaj = GSS_S_FAILURE;
+ goto done;
+ }
}
/* The NT proof is the first 16 bytes */
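Review bot: The new comment on the LMv2 branch is malformed — `* (only sent if challenge response has not target_info*/` is missing its closing parenthesis and the space before `*/`, and "challenge response" names the wrong message (it is the server's CHALLENGE that carries target_info). Suggest `/* LMv2 Response (only sent when the CHALLENGE message carried no target_info; see MS-NLMP 3.1.5.1.2) */`. Because lm_chal_resp is now populated on only one path, it must already hold a well-defined empty value before this point so the later encode call and the cleanup at `done` do not see garbage; that initialisation, like the rest of gssntlm_init_sec_context, lies outside this hunk, so it cannot be confirmed here.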
diff --git a/src/ntlm.c b/src/ntlm.c
index a3f4ba4..3342c62 100644
--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -1127,6 +1127,7 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx,
{
struct wire_auth_msg *msg;
struct ntlm_buffer buffer;
+ struct ntlm_buffer empty_chalresp = { 0 };
size_t data_offs;
size_t domain_name_len = 0;
size_t user_name_len = 0;
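Review bot: `struct ntlm_buffer empty_chalresp = { 0 };` leaves the buffer's data pointer NULL, and the substituted pointer is then handed unconditionally to ntlm_encode_field in the hunks at L59-L71 and L72-L95. If ntlm_encode_field copies the payload with memcpy(dst, src->data, src->length), a NULL source is undefined behaviour under C11 even for a zero length (7.24.1p2), which sanitizers flag and which an optimiser may exploit; glibc merely tolerates it. Either have ntlm_encode_field skip the copy when the length is 0, or initialise empty_chalresp with a valid pointer to a static one-byte array, whichever matches the struct's data member name. ntlm_encode_field itself is not visible in this diff, so the presence of the copy is inferred.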
@@ -1139,9 +1140,13 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx,
if (lm_chalresp) {
buffer.length += lm_chalresp->length;
+ } else {
+ lm_chalresp = &empty_chalresp;
}
if (nt_chalresp) {
buffer.length += nt_chalresp->length;
+ } else {
+ nt_chalresp = &empty_chalresp;
}
if (domain_name) {
domain_name_len = strlen(domain_name);
@@ -1197,16 +1202,14 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx,
data_offs += mic->length;
}
- if (lm_chalresp) {
- ret = ntlm_encode_field(&msg->lm_chalresp, &buffer,
- &data_offs, lm_chalresp);
- if (ret) goto done;
- }
- if (nt_chalresp) {
- ret = ntlm_encode_field(&msg->nt_chalresp, &buffer,
- &data_offs, nt_chalresp);
- if (ret) goto done;
- }
+ ret = ntlm_encode_field(&msg->lm_chalresp, &buffer,
+ &data_offs, lm_chalresp);
+ if (ret) goto done;
+
+ ret = ntlm_encode_field(&msg->nt_chalresp, &buffer,
+ &data_offs, nt_chalresp);
+ if (ret) goto done;
+
if (domain_name_len) {
if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
ret = ntlm_encode_ucs2_str_hdr(ctx, &msg->domain_name,
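Review bot: The contract of ntlm_encode_auth_msg changed — both response fields are now always emitted and a NULL argument is encoded as a zero-length field whose offset still points into the payload — but nothing in the code records why the earlier `if (lm_chalresp)` guards were dropped. Suggest a comment above the two encode calls: `/* Always emit both response fields: a missing response becomes a zero-length field with a valid payload offset, since Windows servers reject an offset of 0 (MS-NLMP 3.1.5.1.2) */`. The function's header documentation (outside this hunk) should likewise state that lm_chalresp and nt_chalresp may be NULL. ntlm_encode_auth_msg continues past the end of this hunk.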