diff options
author | Simo Sorce <simo@redhat.com> | 2014-04-05 13:55:51 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-05-04 17:21:06 -0400 |
commit | 85630731acc397079355d1aed94d04140c34a72c (patch) | |
tree | 67f886495f8cfa3b2d3b441601193f2c6c600bd5 /src | |
parent | 7342ec8ab496269c4e5d0c1a3fbc4dc2a5c69c2d (diff) | |
download | gss-ntlmssp-85630731acc397079355d1aed94d04140c34a72c.tar.gz gss-ntlmssp-85630731acc397079355d1aed94d04140c34a72c.tar.xz gss-ntlmssp-85630731acc397079355d1aed94d04140c34a72c.zip |
Retry auth with NULL Domain as per spec
Diffstat (limited to 'src')
-rw-r--r-- | src/gss_sec_ctx.c | 60 |
1 files changed, 37 insertions, 23 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c index 69e2444..50f5fa3 100644 --- a/src/gss_sec_ctx.c +++ b/src/gss_sec_ctx.c @@ -1026,6 +1026,7 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status, char useratdom[1024]; size_t ulen, dlen, uadlen; gss_buffer_desc usrname; + int retries; if (!dom_name) { dom_name = strdup(""); @@ -1075,32 +1076,45 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status, goto done; } - /* NTLMv2 Key */ - retmin = NTOWFv2(ctx->ntlm, &usr_cred->cred.user.nt_hash, - usr_cred->cred.user.user.data.user.name, - usr_cred->cred.user.user.data.user.domain, - &ntlmv2_key); - if (retmin) { - retmaj = GSS_S_FAILURE; - goto done; - } + for (retries = 2; retries > 0; retries--) { + const char *domstr; - /* NTLMv2 Response */ - retmin = ntlmv2_verify_nt_response(&nt_chal_resp, &ntlmv2_key, - ctx->server_chal); - if (retmin) { - retmaj = GSS_S_FAILURE; - goto done; - } + if (retries == 2) { + domstr = usr_cred->cred.user.user.data.user.domain; + } else { + domstr = NULL; + } - /* FIXME: retries using NULL as domain name in case of failure */ + /* NTLMv2 Key */ + retmin = NTOWFv2(ctx->ntlm, &usr_cred->cred.user.nt_hash, + usr_cred->cred.user.user.data.user.name, + domstr, &ntlmv2_key); + if (retmin) { + retmaj = GSS_S_FAILURE; + goto done; + } - /* LMv2 Response */ - retmin = ntlmv2_verify_lm_response(&lm_chal_resp, &ntlmv2_key, - ctx->server_chal); - if (retmin) { - retmaj = GSS_S_FAILURE; - goto done; + /* NTLMv2 Response */ + retmin = ntlmv2_verify_nt_response(&nt_chal_resp, + &ntlmv2_key, + ctx->server_chal); + if (retmin == 0) { + break; + } else { + if (ctx->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { + /* LMv2 Response */ + retmin = ntlmv2_verify_lm_response(&lm_chal_resp, + &ntlmv2_key, + ctx->server_chal); + if (retmin == 0) { + break; + } + } + } + if (retmin && retries < 2) { + retmaj = GSS_S_FAILURE; + goto done; + } } /* The NT proof is the first 16 bytes */ |