Public bug reported: gss-ntlmmssp sequence numbers are incorrect in 0.6.0. In 0.7.0 the following patch (which is most of the difference between the two versions) fixes sequence numbers. We discovered this testing OMI from Linux to Windows, but don't have a simpler test case we can provide.
./ntlm_crypto.c
564a565,592
> int ntlm_reset_rc4_state(uint32_t flags, bool recv,
> struct ntlm_key *session_key,
> struct ntlm_signseal_state *state)
> {
> struct ntlm_buffer rc4_key;
> int ret;
>
> if (!(flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)) {
> return no_ext_sec_handle(flags, session_key,
> &state->send.seal_handle);
> }
>
> if (recv) {
> RC4_FREE(&state->recv.seal_handle);
> rc4_key.data = state->recv.seal_key.data;
> rc4_key.length = state->recv.seal_key.length;
> ret = RC4_INIT(&rc4_key, NTLM_CIPHER_DECRYPT,
> &state->recv.seal_handle);
> } else {
> RC4_FREE(&state->send.seal_handle);
> rc4_key.data = state->send.seal_key.data;
> rc4_key.length = state->send.seal_key.length;
> ret = RC4_INIT(&rc4_key, NTLM_CIPHER_ENCRYPT,
> &state->send.seal_handle);
> }
> return ret;
> }
./gss_sec_ctx.c
432a433
> if (actual_mech_type) *actual_mech_type = discard_const(&gssntlm_oid);
992a994
> if (mech_type) *mech_type = discard_const(&gssntlm_oid);
1093a1096,1153
> uint32_t gssntlm_set_seq_num(uint32_t *minor_status,
> struct gssntlm_ctx *ctx,
> const gss_buffer_t value)
> {
> uint32_t retmin;
> uint32_t retmaj;
>
> if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
> if (value->length != 4) {
> return GSSERRS(ERR_BADARG, GSS_S_FAILURE);
> }
> memcpy(&ctx->crypto_state.recv.seq_num,
> value->value, value->length);
> ctx->crypto_state.send.seq_num = ctx->crypto_state.recv.seq_num;
> } else {
> return GSSERRS(ERR_WRONGCTX, GSS_S_FAILURE);
> }
>
> return GSSERRS(0, GSS_S_COMPLETE);
> }
>
> gss_OID_desc reset_crypto_oid = {
> GSS_NTLMSSP_RESET_CRYPTO_OID_LENGTH,
> discard_const(GSS_NTLMSSP_RESET_CRYPTO_OID_STRING)
> };
>
> uint32_t gssntlm_reset_crypto(uint32_t *minor_status,
> struct gssntlm_ctx *ctx,
> const gss_buffer_t value)
> {
> uint32_t retmin;
> uint32_t retmaj;
>
> if (value->length != 4) {
> return GSSERRS(ERR_BADARG, GSS_S_FAILURE);
> }
>
> /* reset crypto state */
> if (ctx->neg_flags & (NTLMSSP_NEGOTIATE_SIGN |
> NTLMSSP_NEGOTIATE_SEAL)) {
> uint32_t val;
>
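Review bot: The non-extended-session-security branch at the top of ntlm_reset_rc4_state reinitialises the handle through no_ext_sec_handle() without first releasing it with RC4_FREE, whereas both branches below free the old handle before RC4_INIT; unless no_ext_sec_handle() releases the existing handle itself (not visible here), every reset on such a context leaks a cipher handle. That branch also ignores the `recv` argument and always targets `state->send.seal_handle`; if that mode genuinely shares one handle for both directions, say so, e.g. `/* without extended session security a single RC4 handle serves both directions, so recv is irrelevant here */`, so a reader does not take it for a bug. The new function has no header comment; it should state that it discards the current RC4 state and restarts the keystream from the unchanged seal key, since that is the property callers of the reset option need to be aware of.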
> memcpy(&val, value->value, value->length);
>
> /* A val of 1 means we want to reset the verifier handle,
> * which is the receive handle for NTLM, otherwise we reset
> * the send handle. */
> retmin = ntlm_reset_rc4_state(ctx->neg_flags, (val == 1),
> &ctx->exported_session_key,
> &ctx->crypto_state);
> if (retmin) {
> return GSSERRS(retmin, GSS_S_FAILURE);
> }
> }
>
> return GSSERRS(0, GSS_S_COMPLETE);
> }
>
1114,1129c1174,1176
< if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
<
< if (value->length != 4) {
< set_GSSERR(ERR_BADARG);
< goto done;
< }
<
< memcpy(&ctx->crypto_state.recv.seq_num,
< value->value, value->length);
< ctx->crypto_state.send.seq_num = ctx->crypto_state.recv.seq_num;
< set_GSSERRS(0, GSS_S_COMPLETE);
< goto done;
< } else {
< set_GSSERRS(ERR_WRONGCTX, GSS_S_FAILURE);
< goto done;
< }
---
> return gssntlm_set_seq_num(minor_status, ctx, value);
> } else if (gss_oid_equal(desired_object, &reset_crypto_oid)) {
> return gssntlm_reset_crypto(minor_status, ctx, value);
1132,1135c1179
< set_GSSERRS(ERR_BADARG, GSS_S_UNAVAILABLE);
<
** Affects: krb5 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1653278
Title: Update gss-ntlmssp to 0.7.0 to correct sequence numbering mismatch
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1653278/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
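Review bot: gssntlm_reset_crypto accepts the reset on any context, while gssntlm_set_seq_num directly above rejects a non-datagram context with ERR_WRONGCTX; because ntlm_reset_rc4_state re-keys RC4 with the unchanged seal key and so restarts the keystream, a reset on a connection-oriented context would reuse keystream across messages, so if this option is only intended for GSS_C_DATAGRAM_FLAG contexts the same guard belongs before the length check: `if (!(ctx->gss_flags & GSS_C_DATAGRAM_FLAG)) {` / `    return GSSERRS(ERR_WRONGCTX, GSS_S_FAILURE);` / `}`. The option value is copied into a native-endian uint32_t and only `val == 1` selects the receive handle, so every other 32-bit value silently resets the send handle; either document that at `/* reset crypto state */` or reject values other than 0 and 1 with ERR_BADARG. When neither NTLMSSP_NEGOTIATE_SIGN nor NTLMSSP_NEGOTIATE_SEAL was negotiated the function reports GSS_S_COMPLETE without touching anything, which is reasonable but deserves a sentence in a header comment for the new function.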
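Review bot: The three replacement lines in gssntlm_set_sec_context_option return straight out of the handler, whereas every path they replace exited through `goto done`; whatever the `done:` label does is now skipped for the seq_num and reset_crypto options, which is only harmless if that label merely returns. The label, and the start and end of the enclosing function, are outside this hunk, so please confirm that, or keep the old shape by assigning the helper's result to the function's status variables and branching to `done` as the removed code did.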