
Commit 782837d

committed
Use the SPN for Target Info
When we encode/decode/process target_info use the new stored SPN. Also mark the SPN as unverified, because we never know if the calling code speaks authoritatively, and may be passing an incorrect name. Signed-off-by: Simo Sorce <[email protected]>
1 parent 98cd744 commit 782837d


3 files changed

+19
-29
lines changed


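--- a/src/gss_auth.c
+++ b/src/gss_auth.c
@@ -84,7 +84,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor_status,
 
 retmin = ntlm_process_target_info(
 ctx->ntlm, protect, target_info,
-ctx->target_name.data.server.name,
+ctx->target_name.data.server.spn,
 &cb, &client_target_info,
 &srv_time, add_mic_ptr);
 if (retmin) {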

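--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -26,7 +26,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 struct gssntlm_ctx *ctx;
 struct gssntlm_name *server = NULL;
 struct gssntlm_cred *cred = NULL;
-char *computer_name = NULL;
 char *nb_computer_name = NULL;
 char *nb_domain_name = NULL;
 struct gssntlm_name *client_name = NULL;
@@ -165,13 +164,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 if (retmaj) goto done;
 }
 
-computer_name = strdup(client_name->data.server.name);
-if (!computer_name) {
-set_GSSERR(ENOMEM);
-goto done;
-}
-
-retmin = netbios_get_names(ctx->external_context, computer_name,
+retmin = netbios_get_names(ctx->external_context,
+client_name->data.server.name,
 &nb_computer_name, &nb_domain_name);
 if (retmin) {
 set_GSSERR(retmin);
@@ -433,7 +427,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 gssntlm_release_cred(&tmpmin, (gss_cred_id_t *)&cred);
 }
 gssntlm_release_name(&tmpmin, (gss_name_t *)&client_name);
-safefree(computer_name);
 safefree(nb_computer_name);
 safefree(nb_domain_name);
 safefree(trgt_name);
@@ -532,7 +525,6 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 int lm_compat_lvl = -1;
 struct ntlm_buffer challenge = { 0 };
 struct gssntlm_name *server_name = NULL;
-char *computer_name = NULL;
 char *nb_computer_name = NULL;
 char *nb_domain_name = NULL;
 char *chal_target_name;
@@ -618,13 +610,8 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 goto done;
 }
 
-computer_name = strdup(server_name->data.server.name);
-if (!computer_name) {
-set_GSSERR(ENOMEM);
-goto done;
-}
-
-retmin = netbios_get_names(ctx->external_context, computer_name,
+retmin = netbios_get_names(ctx->external_context,
+server_name->data.server.name,
 &nb_computer_name, &nb_domain_name);
 if (retmin) {
 set_GSSERR(retmin);
@@ -731,15 +718,19 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 goto done;
 }
 
+av_flags = MSVAVFLAGS_UNVERIFIED_SPN;
+
 timestamp = ntlm_timestamp_now();
 
 retmin = ntlm_encode_target_info(ctx->ntlm,
 nb_computer_name,
 nb_domain_name,
-computer_name,
+server_name->data.server.name,
 NULL, NULL,
-NULL, &timestamp,
-NULL, NULL, NULL,
+&av_flags, &timestamp,
+NULL,
+server_name->data.server.spn,
+NULL,
 &target_info);
 if (retmin) {
 set_GSSERR(retmin);
@@ -1028,7 +1019,6 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 gssntlm_release_name(&tmpmin, (gss_name_t *)&server_name);
 gssntlm_release_name(&tmpmin, (gss_name_t *)&gss_usrname);
 gssntlm_release_cred(&tmpmin, (gss_cred_id_t *)&usr_cred);
-safefree(computer_name);
 safefree(nb_computer_name);
 safefree(nb_domain_name);
 safefree(usr_name);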
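Review bot: In the `@@ -731,15 +718,19 @@` hunk of gssntlm_accept_sec_context, `server_name->data.server.spn` is passed to `ntlm_encode_target_info` with no visible check that it was populated, and `av_flags = MSVAVFLAGS_UNVERIFIED_SPN;` is set unconditionally with no explanation in the code. The neighbouring optional arguments are passed as `NULL`, so a missing SPN may be tolerated, but that depends on the encoder and on how the name is built, neither of which is visible here. I would carry the commit message's rationale into the source, e.g. `/* SPN is supplied by the caller and not validated here, so advertise it as unverified */`, and note next to the call whether `spn` can be NULL. The function starts and ends outside the hunks shown.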

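--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -754,7 +754,7 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
 
 int ntlm_process_target_info(struct ntlm_ctx *ctx, bool protect,
 struct ntlm_buffer *in,
-const char *server,
+const char *spn,
 struct ntlm_buffer *unhashed_cb,
 struct ntlm_buffer *out,
 uint64_t *out_srv_time,
@@ -786,8 +786,9 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx, bool protect,
 goto done;
 }
 
-if (server && av_target_name) {
-if (strcasecmp(server, av_target_name) != 0) {
+if (spn && av_target_name &&
+((av_flags & MSVAVFLAGS_UNVERIFIED_SPN) == 0)) {
+if (strcasecmp(spn, av_target_name) != 0) {
 ret = EINVAL;
 goto done;
 }
@@ -808,15 +809,14 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx, bool protect,
 if (ret) goto done;
 }
 
-if (!av_target_name && server) {
-av_target_name = strdup(server);
+if (!av_target_name && spn) {
+av_target_name = strdup(spn);
 if (!av_target_name) {
 ret = ENOMEM;
 goto done;
 }
+av_flags |= MSVAVFLAGS_UNVERIFIED_SPN;
 }
-/* TODO: add way to tell if the target name is verified o not,
-* if not set av_flags |= MSVAVFLAGS_UNVERIFIED_SPN; */
 
 ret = ntlm_encode_target_info(ctx,
 nb_computer_name, nb_domain_name,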
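Review bot: In the `@@ -786,8 +786,9 @@` hunk the `strcasecmp(spn, av_target_name)` check is now skipped whenever `MSVAVFLAGS_UNVERIFIED_SPN` is set in `av_flags`, and `av_flags` appears to be filled from the peer-supplied `in` buffer by a decode call outside the hunk (to be confirmed). If so, the remote side decides whether its target name is compared with the caller's SPN. A mismatching name would then be accepted and presumably carried into the `ntlm_encode_target_info` call that follows. Consider discarding the decoded name when the flag is set, so the later `!av_target_name && spn` branch substitutes the local SPN. At minimum, state the trust assumption at the condition: `/* av_flags comes from the peer's target_info; a set UNVERIFIED_SPN bit disables this name check */`. The body of ntlm_process_target_info starts and ends outside the visible hunks.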
