-rw-r--r-- | src/gss_sec_ctx.c | 2 | ||||
-rw-r--r-- | src/ntlm.c | 22 | ||||
-rw-r--r-- | src/ntlm.h | 2 | ||||
-rw-r--r-- | src/ntlm_common.h | 30 | ||||
-rw-r--r-- | src/ntlm_crypto.c | 29 | ||||
-rw-r--r-- | tests/ntlmssptest.c | 2 |
6 files changed, 56 insertions, 31 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 4400bc7..a036242 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -1001,7 +1001,7 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
                                       ctx->neg_flags,
                                       &lm_chal_resp, &nt_chal_resp,
                                       &dom_name, &usr_name, &wks_name,
-                                      &enc_sess_key, &mic);
+                                      &enc_sess_key, &target_info, &mic);
         if (retmin) {
             retmaj = GSS_S_DEFECTIVE_TOKEN;
             goto done;
@@ -1307,6 +1307,7 @@ int ntlm_decode_auth_msg(struct ntlm_ctx *ctx,
                          char **domain_name, char **user_name,
                          char **workstation,
                          struct ntlm_buffer *enc_sess_key,
+                         struct ntlm_buffer *target_info,
                          struct ntlm_buffer *mic)
 {
     struct wire_auth_msg *msg;
@@ -1353,6 +1354,27 @@ int ntlm_decode_auth_msg(struct ntlm_ctx *ctx,
         ret = ntlm_decode_field(&msg->nt_chalresp, buffer,
                                 payload_offs, nt_chalresp);
         if (ret) goto done;
+
+        if (target_info) {
+            union wire_ntlm_response *resp;
+            struct wire_ntlmv2_cli_chal *chal;
+            uint8_t *data;
+            int len;
+            resp = (union wire_ntlm_response *)nt_chalresp->data;
+            chal = (struct wire_ntlmv2_cli_chal *)resp->v2.cli_chal;
+            len = nt_chalresp->length - sizeof(resp->v2.resp) - offsetof(struct wire_ntlmv2_cli_chal, target_info);
+            if (len > 0) {
+                data = chal->target_info;
+                target_info->data = malloc(len);
+                if (!target_info->data) {
+                    ret = ENOMEM;
+                    goto done;
+                }
+                memcpy(target_info->data, data, len);
+                target_info->length = len;
+            }
+        }
     }
     if (msg->domain_name.len != 0 && domain_name) {
         if (flags & NTLMSSP_NEGOTIATE_UNICODE) {
@@ -666,6 +666,7 @@ int ntlm_encode_auth_msg(struct ntlm_ctx *ctx,
  * @param user_name The User name
  * @param workstation The Workstation name
  * @param enc_sess_key The session key
+ * @param target_info The target_info AV_PAIR embedded in the NT Response
  * @param mic A MIC of the messages
  * Passing a pointer to a mic means the caller has
  * previously requested the presence of a MIC field from
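Review bot: The call now hands `&target_info` to the decoder, but the decoder only assigns `target_info->data`/`length` when the NT response has bytes past the client-challenge header, so the local must be zero-initialised before this call and its `data` released on every exit through `done`; neither the declaration nor the cleanup is inside the hunk, so please confirm both, e.g. `struct ntlm_buffer target_info = { 0 };` at declaration and `free(target_info.data);` in the `done` path. This buffer is copied verbatim from the client's AUTHENTICATE message, so nothing read from it should be relied upon before the NT response itself has been verified. gssntlm_accept_sec_context starts and ends outside the hunk.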
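Review bot: The new target_info block in ntlm_decode_auth_msg computes `len` before checking that the response is long enough: because `sizeof(resp->v2.resp)` and `offsetof(...)` are `size_t`, `nt_chalresp->length - 16 - 28` is evaluated unsigned and wraps for any response shorter than 44 bytes (an NTLMv1 24-byte response, or a truncated one from a malicious client), and the `len > 0` guard only catches that through the implementation-defined narrowing to `int`. Compare the length against the header size first and keep the arithmetic in `size_t`, as below; this also moves the casts of `nt_chalresp->data` to the packed wire structs after the length is known. The NOTE on `struct wire_ntlmv2_cli_chal` says the copied list must end with MSV_AV_EOL, but nothing here verifies it, so whichever code walks `target_info` afterwards has to bound every AV_PAIR by `target_info->length` rather than trust a terminator. The function continues outside the hunk.
```c
        if (target_info) {
            union wire_ntlm_response *resp;
            struct wire_ntlmv2_cli_chal *chal;
            /* bytes preceding the AV_PAIR list: the 16-byte NT response
             * plus the fixed client-challenge header. Compare before
             * subtracting so a short response (e.g. a 24-byte NTLMv1 one)
             * cannot wrap the unsigned subtraction. */
            size_t hdr_len = sizeof(resp->v2.resp) +
                             offsetof(struct wire_ntlmv2_cli_chal, target_info);
            if (nt_chalresp->length > hdr_len) {
                size_t len = nt_chalresp->length - hdr_len;
                resp = (union wire_ntlm_response *)nt_chalresp->data;
                chal = (struct wire_ntlmv2_cli_chal *)resp->v2.cli_chal;
                target_info->data = malloc(len);
                if (!target_info->data) {
                    ret = ENOMEM;
                    goto done;
                }
                memcpy(target_info->data, chal->target_info, len);
                target_info->length = len;
            }
        }
```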
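Review bot: The added `@param target_info` line names the field but not the contract a caller has to honour: it is an output that is written only when the NT response carries bytes after the client-challenge header, its `data` is malloc'd by the decoder and owned by the caller, and NULL skips the extraction. Suggest `* @param target_info Out: the target_info AV_PAIR list carried in the NT Response; only set when present, so pass a zeroed buffer. data is allocated and must be freed by the caller. NULL to ignore.` The doc comment block continues outside the hunk.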
@@ -688,6 +689,7 @@ int ntlm_decode_auth_msg(struct ntlm_ctx *ctx,
                          char **domain_name, char **user_name,
                          char **workstation,
                          struct ntlm_buffer *enc_sess_key,
+                         struct ntlm_buffer *target_info,
                          struct ntlm_buffer *mic);
 
 #endif /* _NTLM_H_ */
diff --git a/src/ntlm_common.h b/src/ntlm_common.h
index 01d6b16..1c62171 100644
--- a/src/ntlm_common.h
+++ b/src/ntlm_common.h
@@ -103,4 +103,34 @@ struct wire_version {
 };
 #pragma pack(pop)
 
+/* ln/ntlm response, v1 or v2 */
+#pragma pack(push, 1)
+union wire_ntlm_response {
+    struct {
+        uint8_t resp[24];
+    } v1;
+    struct {
+        uint8_t resp[16];
+        uint8_t cli_chal[];
+    } v2;
+};
+#pragma pack(pop)
+
+#pragma pack(push, 1)
+struct wire_ntlmv2_cli_chal {
+    uint8_t resp_version;
+    uint8_t hi_resp_version;
+    uint8_t zero_6[6];
+    uint64_t timestamp;
+    uint8_t client_chal[8];
+    uint8_t zero_4[4];
+    uint8_t target_info[];
+    /* NOTE: the target_info array must terminate with 4 zero bytes.
+     * This is consistent with just copying the target_info array
+     * returned in the challenge message as the last AV_PAIR there is
+     * always MSV_AV_EOL which happens to be 4 bytes of zeros */
+
+};
+#pragma pack(pop)
+
 #endif /* _NTLM_COMMON_H_ */
diff --git a/src/ntlm_crypto.c b/src/ntlm_crypto.c
index 5bccb39..f3701db 100644
--- a/src/ntlm_crypto.c
+++ b/src/ntlm_crypto.c
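Review bot: The comment moved into ntlm_common.h picked up a typo on the way: the removed copy read `/* ntlm response, v1 or v2 */`, the new one reads `/* ln/ntlm response, v1 or v2 */`, which presumably means `lm`; suggest `/* lm/ntlm response, v1 or v2 */`. Now that both packed layouts are shared across translation units, it is worth stating their usage contract next to them, since they are overlaid on client-supplied bytes: `/* Wire overlays. Cast a buffer to these only after checking it holds at least sizeof(v2.resp) + offsetof(struct wire_ntlmv2_cli_chal, target_info) bytes; target_info's extent is the remainder of the buffer. */`. The existing NOTE describes what a well-formed list looks like, not something the struct enforces, and the comment could say so.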
@@ -33,35 +33,6 @@
 #include "ntlm.h"
 #include "crypto.h"
 
-/* ntlm response, v1 or v2 */
-#pragma pack(push, 1)
-union wire_ntlm_response {
-    struct {
-        uint8_t resp[24];
-    } v1;
-    struct {
-        uint8_t resp[16];
-        uint8_t cli_chal[];
-    } v2;
-};
-#pragma pack(pop)
-
-#pragma pack(push, 1)
-struct wire_ntlmv2_cli_chal {
-    uint8_t resp_version;
-    uint8_t hi_resp_version;
-    uint8_t zero_6[6];
-    uint64_t timestamp;
-    uint8_t client_chal[8];
-    uint8_t zero_4[4];
-    uint8_t target_info[];
-    /* NOTE: the target_info array must terminate with 4 zero bytes.
-     * This is consistent with just copying the target_info array
-     * returned in the challenge message as the last AV_PAIR there is
-     * always MSV_AV_EOL which happens to be 4 bytes of zeros */
-};
-#pragma pack(pop)
-
 /* signature structure, v1 or v2 */
 #pragma pack(push, 1)
 union wire_msg_signature {
diff --git a/tests/ntlmssptest.c b/tests/ntlmssptest.c
index 6915a8c..7a77db7 100644
--- a/tests/ntlmssptest.c
+++ b/tests/ntlmssptest.c
@@ -910,7 +910,7 @@ int test_DecodeAuthenticateMessageV2(struct ntlm_ctx *ctx)
     ret = ntlm_decode_auth_msg(ctx, &auth_msg, T_NTLMv2.ChallengeFlags,
                                &lm_chalresp, &nt_chalresp,
                                &dom, &usr, &wks,
-                               &enc_sess_key, NULL);
+                               &enc_sess_key, NULL, NULL);
     if (ret) return ret;
 
     if ((lm_chalresp.length != 24) || |
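Review bot: The test only adapts to the new signature by passing NULL, so the target_info extraction added to ntlm_decode_auth_msg has no coverage at all, and this is the one NTLMv2 decode test where a known-good vector is available. Declare `struct ntlm_buffer target_info = { 0 };`, pass `&target_info` in place of the second NULL, and then compare `target_info.length` and its bytes against the target_info the T_NTLMv2 vector's challenge message carries (the exact fixture field is not visible here), freeing `target_info.data` afterwards. A second call with a 24-byte NTLMv1-sized NT response would also pin down that the short-response path leaves the buffer untouched. test_DecodeAuthenticateMessageV2 continues past the hunk.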