zydronium/SMBLibrary
1
0
Fork 0
mirror of https://github.com/TalAloni/SMBLibrary.git synced 2025-07-14 13:25:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

GSSAPI: Cases where the preferred authentication mechanism is not supported were not handled correctly

Browse source
This commit is contained in:
Tal Aloni 2017-05-24 18:37:41 +03:00
parent 21e7ecac52
commit eb24eafea6
1 changed files with 27 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

27
SMBLibrary/Authentication/GSSAPI/GSSProvider.cs
View file

@ -49,12 +49,35 @@ namespace SMBLibrary.Authentication.GSSAPI
if (spnegoToken is SimpleProtectedNegotiationTokenInit) if (spnegoToken is SimpleProtectedNegotiationTokenInit)
{ {
SimpleProtectedNegotiationTokenInit tokenInit = (SimpleProtectedNegotiationTokenInit)spnegoToken; SimpleProtectedNegotiationTokenInit tokenInit = (SimpleProtectedNegotiationTokenInit)spnegoToken;
IGSSMechanism mechanism = FindMechanism(tokenInit.MechanismTypeList); if (tokenInit.MechanismTypeList.Count == 0)
{
return NTStatus.SEC_E_INVALID_TOKEN;
}
// RFC 4178: Note that in order to avoid an extra round trip, the first context establishment token
// of the initiator's preferred mechanism SHOULD be embedded in the initial negotiation message.
byte[] preferredMechanism = tokenInit.MechanismTypeList[0];
IGSSMechanism mechanism = FindMechanism(preferredMechanism);
bool isPreferredMechanism = (mechanism != null);
if (!isPreferredMechanism)
{
mechanism = FindMechanism(tokenInit.MechanismTypeList);
}
if (mechanism != null) if (mechanism != null)
{
NTStatus status;
if (isPreferredMechanism)
{ {
byte[] mechanismOutput; byte[] mechanismOutput;
NTStatus status = mechanism.AcceptSecurityContext(ref context, tokenInit.MechanismToken, out mechanismOutput); status = mechanism.AcceptSecurityContext(ref context, tokenInit.MechanismToken, out mechanismOutput);
outputToken = GetSPNEGOTokenResponseBytes(mechanismOutput, status, mechanism.Identifier); outputToken = GetSPNEGOTokenResponseBytes(mechanismOutput, status, mechanism.Identifier);
}
else
{
status = NTStatus.SEC_I_CONTINUE_NEEDED;
outputToken = GetSPNEGOTokenResponseBytes(null, status, mechanism.Identifier);
}
m_contextToMechanism[context] = mechanism; m_contextToMechanism[context] = mechanism;
return status; return status;
} }