-rw-r--r--src/ntlm.c68
-rw-r--r--src/ntlm.h23
2 files changed, 91 insertions, 0 deletions
diff --git a/src/ntlm.c b/src/ntlm.c
index ca4a415..9cb3814 100644
--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -842,6 +842,74 @@ done:
return ret;
}
+int ntlm_process_target_info(struct ntlm_ctx *ctx,
+ struct ntlm_buffer *in,
+ const char *server,
+ struct ntlm_buffer *out,
+ uint64_t *out_srv_time,
+ bool *add_mic)
+{
+ char *nb_computer_name = NULL;
+ char *nb_domain_name = NULL;
+ char *dns_computer_name = NULL;
+ char *dns_domain_name = NULL;
+ char *dns_tree_name = NULL;
+ char *av_target_name = NULL;
+ uint32_t av_flags = 0;
+ uint64_t srv_time = 0;
+ int ret = 0;
+
+ /* TODO: check that returned netbios/dns names match ? */
+ /* TODO: support SingleHost buffers */
+ ret = ntlm_decode_target_info(ctx, in,
+ &nb_computer_name, &nb_domain_name,
+ &dns_computer_name, &dns_domain_name,
+ &dns_tree_name, &av_target_name,
+ &av_flags, &srv_time, NULL, NULL);
+ if (ret) goto done;
+
+ if (server && av_target_name) {
+ if (strcasecmp(server, av_target_name) != 0) {
+ ret = EINVAL;
+ goto done;
+ }
+ }
+
+ /* the server did not send the timestamp, use current time */
+ if (srv_time == 0) {
+ srv_time = ntlm_timestamp_now();
+ } else {
+ av_flags |= MSVAVFLAGS_MIC_PRESENT;
+ *add_mic = true;
+ }
+
+ if (!av_target_name && server) {
+ av_target_name = strdup(server);
+ if (!av_target_name) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ /* TODO: add way to tell if the target name is verified o not,
+ * if not set av_flags |= MSVAVFLAGS_UNVERIFIED_SPN; */
+
+ ret = ntlm_encode_target_info(ctx,
+ nb_computer_name, nb_domain_name,
+ dns_computer_name, dns_domain_name,
+ dns_tree_name, &av_flags, &srv_time,
+ NULL, av_target_name, NULL, out);
+
+done:
+ safefree(nb_computer_name);
+ safefree(nb_domain_name);
+ safefree(dns_computer_name);
+ safefree(dns_domain_name);
+ safefree(dns_tree_name);
+ safefree(av_target_name);
+ *out_srv_time = srv_time;
+ return ret;
+}
+
int ntlm_decode_msg_type(struct ntlm_ctx *ctx,
struct ntlm_buffer *buffer,
uint32_t *type)
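Review bot: `*add_mic` is assigned only in the `else` branch where the peer supplied a timestamp, so on the no-timestamp path and on every `goto done` error path the caller reads back whatever value it passed in. Because this flag decides whether a MIC is generated, an uninitialised or stale `bool` at the call site would silently change the integrity protection of the exchange; adding `*add_mic = false;` before the call to `ntlm_decode_target_info` makes the result depend only on this function. Separately, `av_flags` is filled by the decoder and only has `MSVAVFLAGS_MIC_PRESENT` OR-ed in, so any other flag bits the peer sent are re-encoded into `out` as received. If that pass-through is intended, a comment such as `/* peer-supplied flag bits are copied through unchanged */` above the encode call would make it explicit.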
diff --git a/src/ntlm.h b/src/ntlm.h
index 2275d62..a771123 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -75,6 +75,10 @@
#define CHALLENGE_MESSAGE 0x00000002
#define AUTHENTICATE_MESSAGE 0x00000003
+#define MSVAVFLAGS_AUTH_CONSTRAINED 0x01
+#define MSVAVFLAGS_MIC_PRESENT 0x02
+#define MSVAVFLAGS_UNVERIFIED_SPN 0x04
+
struct ntlm_ctx;
@@ -470,6 +474,25 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
struct ntlm_buffer *av_cb);
/**
+ * @brief A utility function to process a target_info structure
+ *
+ * @param ctx The ntlm context
+ * @param in A ntlm_buffer containing the received info
+ * @param server The Client Supplied Server Name if available
+ * @param out The processed target_info buffer
+ * @param out_srv_time A 64 bit FILETIME timestamp
+ * @param add_mic Whether the caller should generate a MIC
+ *
+ * @return 0 if everyting parses correctly, or an error code
+ */
+int ntlm_process_target_info(struct ntlm_ctx *ctx,
+ struct ntlm_buffer *in,
+ const char *server,
+ struct ntlm_buffer *out,
+ uint64_t *out_srv_time,
+ bool *add_mic);
+
+/**
* @brief Verifies the message signature is valid and the message
* in sequence with the expected state
*
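Review bot: The doc comment on `ntlm_process_target_info` omits parts of the contract that the implementation in src/ntlm.c shows and that a caller needs to use it safely. `@return` should say that `EINVAL` is returned when `server` is given and differs, compared case-insensitively, from the target name carried in `in`, and "everyting" should read "everything". `@param add_mic` should state what the caller gets when no timestamp is present (currently the argument is left untouched), and `@param out_srv_time` should note that it is written on failure paths as well, and holds the current time when the peer sent none. It would also help to say who releases `out`; that is not visible from this hunk, so confirm it against `ntlm_encode_target_info`.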