From 0af4f35f01fef417b42fbad0a9ad774043d898be Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sun, 13 Apr 2014 01:45:42 -0400
Subject: Make MIC conditional on integrity being requested

If integrity is requested by any party then the MIC, if requested by the server will be generated, otherwise it will not be.
---
 src/gss_sec_ctx.c | 3 ++-
 src/ntlm.c | 2 +-
 src/ntlm.h | 4 +++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 92dd981..4400bc7 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -400,7 +400,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 &target_info,
 server_name,
 &client_target_info,
- &srv_time, &add_mic);
+ &srv_time,
+ protect ? &add_mic: NULL);
 if (retmin) {
 if (retmin == ERR_DECODE) {
 retmaj = GSS_S_DEFECTIVE_TOKEN;
diff --git a/src/ntlm.c b/src/ntlm.c
index d10917f..73934d7 100644
--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -832,7 +832,7 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx,
 /* the server did not send the timestamp, use current time */
 if (srv_time == 0) {
 srv_time = ntlm_timestamp_now();
- } else {
+ } else if (add_mic) {
 av_flags |= MSVAVFLAGS_MIC_PRESENT;
 *add_mic = true;
 }
diff --git a/src/ntlm.h b/src/ntlm.h
index 72d62c8..f338bbd 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -518,7 +518,9 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
 * @param server The Client Supplied Server Name if available
 * @param out The processed target_info buffer
 * @param out_srv_time A 64 bit FILETIME timestamp
- * @param add_mic Whether the caller should generate a MIC
+ * @param add_mic A pointer to a boolean. If NULL MIC flags will
+ * not be set, otherwise if allowed the MIC flag
+ * will be set and true will be returned.
 *
 * @return 0 if everyting parses correctly, or an error code
 */
-- cgit
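Review bot: In the src/gss_sec_ctx.c hunk, passing `protect ? &add_mic: NULL` means no MIC is produced whenever integrity was not negotiated, so on those connections the NEGOTIATE and CHALLENGE messages are no longer bound to the AUTHENTICATE message. If `protect` is derived from the negotiated flags (its definition is outside the hunk), a change to the sign/seal bits in transit would also switch off the check that detects such a change. That trade-off deserves a comment at the call site, for example `/* MIC only when sign/seal was negotiated; flag tampering is not detected otherwise */`. The call also relies on `add_mic` having been initialised to false earlier in gssntlm_init_sec_context, which is not visible here.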
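Review bot: In the src/ntlm.c hunk, `*add_mic` is assigned only on the `else if (add_mic)` path, so when the server sent no timestamp (`srv_time == 0`) the caller's boolean is left exactly as it was passed in. A caller that hands over an uninitialised variable would then decide whether to generate a MIC from an indeterminate value, while MSVAVFLAGS_MIC_PRESENT was never set. Writing the output on every path when the pointer is non-NULL avoids that, e.g. `if (add_mic) *add_mic = false;` before the timestamp check. The `@param add_mic` text in src/ntlm.h should state this too, since its "true will be returned" wording reads as if it described the function's return value. ntlm_process_target_info begins and ends outside the hunk.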