
Commit 8cd2b7b

committed
Use the SPN for Target Info
When we encode/decode/process target_info use the new stored SPN. Also mark the SPN as unverified, because we never know if the calling code speaks authoritatively, and may be passing an incorrect name. Signed-off-by: Simo Sorce <[email protected]>
1 parent 4d3f37d commit 8cd2b7b


3 files changed

+22
-30
lines changed


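--- a/src/gss_auth.c
+++ b/src/gss_auth.c
@@ -84,7 +84,7 @@ uint32_t gssntlm_cli_auth(uint32_t *minor_status,
 
 retmin = ntlm_process_target_info(
 ctx->ntlm, protect, target_info,
-ctx->target_name.data.server.name,
+ctx->target_name.data.server.spn,
 &cb, &client_target_info,
 &srv_time, add_mic_ptr);
 if (retmin) {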

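--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -26,7 +26,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 struct gssntlm_ctx *ctx;
 struct gssntlm_name *server = NULL;
 struct gssntlm_cred *cred = NULL;
-char *computer_name = NULL;
 char *nb_computer_name = NULL;
 char *nb_domain_name = NULL;
 struct gssntlm_name *client_name = NULL;
@@ -56,7 +55,9 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 if (server->type != GSSNTLM_NAME_SERVER) {
 return GSSERRS(ERR_NOSRVNAME, GSS_S_BAD_NAMETYPE);
 }
-if (!server->data.server.name ||
+if (!server->data.server.spn ||
+!server->data.server.spn[0] ||
+!server->data.server.name ||
 !server->data.server.name[0]) {
 return GSSERRS(ERR_NONAME, GSS_S_BAD_NAME);
 }
@@ -165,13 +166,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 if (retmaj) goto done;
 }
 
-computer_name = strdup(client_name->data.server.name);
-if (!computer_name) {
-set_GSSERR(ENOMEM);
-goto done;
-}
-
-retmin = netbios_get_names(ctx->external_context, computer_name,
+retmin = netbios_get_names(ctx->external_context,
+client_name->data.server.name,
 &nb_computer_name, &nb_domain_name);
 if (retmin) {
 set_GSSERR(retmin);
@@ -433,7 +429,6 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
 gssntlm_release_cred(&tmpmin, (gss_cred_id_t *)&cred);
 }
 gssntlm_release_name(&tmpmin, (gss_name_t *)&client_name);
-safefree(computer_name);
 safefree(nb_computer_name);
 safefree(nb_domain_name);
 safefree(trgt_name);
@@ -532,7 +527,6 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 int lm_compat_lvl = -1;
 struct ntlm_buffer challenge = { 0 };
 struct gssntlm_name *server_name = NULL;
-char *computer_name = NULL;
 char *nb_computer_name = NULL;
 char *nb_domain_name = NULL;
 char *chal_target_name;
@@ -618,13 +612,8 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 goto done;
 }
 
-computer_name = strdup(server_name->data.server.name);
-if (!computer_name) {
-set_GSSERR(ENOMEM);
-goto done;
-}
-
-retmin = netbios_get_names(ctx->external_context, computer_name,
+retmin = netbios_get_names(ctx->external_context,
+server_name->data.server.name,
 &nb_computer_name, &nb_domain_name);
 if (retmin) {
 set_GSSERR(retmin);
@@ -731,15 +720,19 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 goto done;
 }
 
+av_flags = MSVAVFLAGS_UNVERIFIED_SPN;
+
 timestamp = ntlm_timestamp_now();
 
 retmin = ntlm_encode_target_info(ctx->ntlm,
 nb_computer_name,
 nb_domain_name,
-computer_name,
+server_name->data.server.name,
 NULL, NULL,
-NULL, &timestamp,
-NULL, NULL, NULL,
+&av_flags, &timestamp,
+NULL,
+server_name->data.server.spn,
+NULL,
 &target_info);
 if (retmin) {
 set_GSSERR(retmin);
@@ -1028,7 +1021,6 @@ uint32_t gssntlm_accept_sec_context(uint32_t *minor_status,
 gssntlm_release_name(&tmpmin, (gss_name_t *)&server_name);
 gssntlm_release_name(&tmpmin, (gss_name_t *)&gss_usrname);
 gssntlm_release_cred(&tmpmin, (gss_cred_id_t *)&usr_cred);
-safefree(computer_name);
 safefree(nb_computer_name);
 safefree(nb_domain_name);
 safefree(usr_name);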
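Review bot: In the `gssntlm_accept_sec_context` hunk at new lines 720-738, `server_name->data.server.spn` is passed to `ntlm_encode_target_info` with no visible check that it is set, while the initiator hunk at new lines 58-61 rejects a NULL or empty `spn` with `ERR_NONAME`. Whether every acceptor name carries an SPN cannot be seen here, since the function body continues outside the hunks. Either apply the same guard before encoding, or say in a comment that a NULL target name is simply left out of the target info. The line `av_flags = MSVAVFLAGS_UNVERIFIED_SPN;` also deserves a one-line comment such as `/* the SPN comes from the caller and is not authoritative, so flag it as unverified */`, because that reasoning currently lives only in the commit message.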

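--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -754,7 +754,7 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
 
 int ntlm_process_target_info(struct ntlm_ctx *ctx, bool protect,
 struct ntlm_buffer *in,
-const char *server,
+const char *spn,
 struct ntlm_buffer *unhashed_cb,
 struct ntlm_buffer *out,
 uint64_t *out_srv_time,
@@ -786,8 +786,9 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx, bool protect,
 goto done;
 }
 
-if (server && av_target_name) {
-if (strcasecmp(server, av_target_name) != 0) {
+if (spn && av_target_name &&
+((av_flags & MSVAVFLAGS_UNVERIFIED_SPN) == 0)) {
+if (strcasecmp(spn, av_target_name) != 0) {
 ret = EINVAL;
 goto done;
 }
@@ -808,15 +809,14 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx, bool protect,
 if (ret) goto done;
 }
 
-if (!av_target_name && server) {
-av_target_name = strdup(server);
+if (!av_target_name && spn) {
+av_target_name = strdup(spn);
 if (!av_target_name) {
 ret = ENOMEM;
 goto done;
 }
+av_flags |= MSVAVFLAGS_UNVERIFIED_SPN;
 }
-/* TODO: add way to tell if the target name is verified o not,
-* if not set av_flags |= MSVAVFLAGS_UNVERIFIED_SPN; */
 
 ret = ntlm_encode_target_info(ctx,
 nb_computer_name, nb_domain_name,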
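Review bot: The name mismatch check at new lines 789-791 is now skipped whenever `MSVAVFLAGS_UNVERIFIED_SPN` is set in `av_flags`, and at that point `av_flags` appears to hold what was decoded from the peer's target info (the decode is outside the hunk, so this is inferred). If so, the side that sends the target info decides whether `spn` is compared with `av_target_name`, and a mismatching name passes silently and is presumably re-encoded further down. Please document that intent above the condition, for example `/* a name the peer flags as unverified is advisory only, so it is not compared with our spn */`, and consider whether `av_target_name` should be replaced with `spn` in that case. `ntlm_process_target_info` begins and ends outside these hunks.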
