-rw-r--r-- | src/ntlm.c | 68 | ||||
-rw-r--r-- | src/ntlm.h | 23 |
2 files changed, 91 insertions, 0 deletions
@@ -842,6 +842,74 @@ done: return ret; } +int ntlm_process_target_info(struct ntlm_ctx *ctx, + struct ntlm_buffer *in, + const char *server, + struct ntlm_buffer *out, + uint64_t *out_srv_time, + bool *add_mic) +{ + char *nb_computer_name = NULL; + char *nb_domain_name = NULL; + char *dns_computer_name = NULL; + char *dns_domain_name = NULL; + char *dns_tree_name = NULL; + char *av_target_name = NULL; + uint32_t av_flags = 0; + uint64_t srv_time = 0; + int ret = 0; + + /* TODO: check that returned netbios/dns names match ? */ + /* TODO: support SingleHost buffers */ + ret = ntlm_decode_target_info(ctx, in, + &nb_computer_name, &nb_domain_name, + &dns_computer_name, &dns_domain_name, + &dns_tree_name, &av_target_name, + &av_flags, &srv_time, NULL, NULL); + if (ret) goto done; + + if (server && av_target_name) { + if (strcasecmp(server, av_target_name) != 0) { + ret = EINVAL; + goto done; + } + } + + /* the server did not send the timestamp, use current time */ + if (srv_time == 0) { + srv_time = ntlm_timestamp_now(); + } else { + av_flags |= MSVAVFLAGS_MIC_PRESENT; + *add_mic = true; + } + + if (!av_target_name && server) { + av_target_name = strdup(server); + if (!av_target_name) { + ret = ENOMEM; + goto done; + } + } + /* TODO: add way to tell if the target name is verified o not, + * if not set av_flags |= MSVAVFLAGS_UNVERIFIED_SPN; */ + + ret = ntlm_encode_target_info(ctx, + nb_computer_name, nb_domain_name, + dns_computer_name, dns_domain_name, + dns_tree_name, &av_flags, &srv_time, + NULL, av_target_name, NULL, out); + +done: + safefree(nb_computer_name); + safefree(nb_domain_name); + safefree(dns_computer_name); + safefree(dns_domain_name); + safefree(dns_tree_name); + safefree(av_target_name); + *out_srv_time = srv_time; + return ret; +} + int ntlm_decode_msg_type(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer, uint32_t *type) 
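Review bot: `*add_mic` is only ever written in the else branch of the `srv_time == 0` check, and only to true, so a caller that does not pre-initialise it reads an indeterminate value whenever the server omitted the timestamp. Initialise the output at entry, e.g. `*add_mic = false;` right after `int ret = 0;`, so the function owns both of its outputs the way it already does for `*out_srv_time` at `done:`. A smaller point: the `strcasecmp(server, av_target_name)` check is the line that refuses a CHALLENGE whose MsvAvTargetName names a different host than the one the caller asked for, and the bare `ret = EINVAL;` deserves a comment saying so, e.g. `/* target name from the server must match the caller's server name */`. The trailing context shows only the signature of ntlm_decode_msg_type, whose body lies outside the hunk.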
@@ -75,6 +75,10 @@ #define CHALLENGE_MESSAGE 0x00000002 #define AUTHENTICATE_MESSAGE 0x00000003 +#define MSVAVFLAGS_AUTH_CONSTRAINED 0x01 +#define MSVAVFLAGS_MIC_PRESENT 0x02 +#define MSVAVFLAGS_UNVERIFIED_SPN 0x04 + struct ntlm_ctx; @@ -470,6 +474,25 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer, struct ntlm_buffer *av_cb); /** + * @brief A utility function to process a target_info structure + * + * @param ctx The ntlm context + * @param in A ntlm_buffer containing the received info + * @param server The Client Supplied Server Name if available + * @param out The processed target_info buffer + * @param out_srv_time A 64 bit FILETIME timestamp + * @param add_mic Whether the caller should generate a MIC + * + * @return 0 if everyting parses correctly, or an error code + */ +int ntlm_process_target_info(struct ntlm_ctx *ctx, + struct ntlm_buffer *in, + const char *server, + struct ntlm_buffer *out, + uint64_t *out_srv_time, + bool *add_mic); + +/** * @brief Verifies the message signature is valid and the message * in sequence with the expected state * |
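Review bot: The three new MSVAVFLAGS_* defines carry no comment linking them to where the bit values come from, which matters because ntlm.c ORs them into the av_flags value that is echoed back to the server. A one-line comment above the group, `/* AvFlags bits of the MsvAvFlags AV_PAIR (MS-NLMP 2.2.2.1) */`, would tie the names to the specification. Keeping them as #defines next to the existing message-type constants is consistent with the surrounding header style.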
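Review bot: The Doxygen block for ntlm_process_target_info does not state the contract of its two output parameters, and the implementation in ntlm.c makes them asymmetric: `out_srv_time` is written on every path including error returns, while `add_mic` is only written (to true) when the received info carried a timestamp, so a caller must initialise it before the call. Spell that out on the parameter lines, e.g. `@param out_srv_time Receives the server timestamp, or the current time if the server sent none; written on all paths` and `@param add_mic Set to true when the server supplied a timestamp and a MIC must be generated; not written otherwise`, or change the function to always write it. `everyting` in the @return line is a typo for `everything`.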