Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler

Now only one NTLM Negotiate packet will be sent per connection, rather than again after a failed authentication. The problem situation is triggered due to failed Negotiate authentication, and is probably more complex. Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
2024-09-13 09:24:08 -07:00 · 2014-11-28 11:34:06 +13:00 · 2014-11-28 11:34:06 +13:00 · 0b2e75f4be
commit 0b2e75f4be
parent 88f103be1a
2 changed files with 25 additions and 10 deletions
--- a/security/manager/ssl/src/nsNTLMAuthModule.cpp
+++ b/security/manager/ssl/src/nsNTLMAuthModule.cpp
@ -1002,6 +1002,7 @@ nsNTLMAuthModule::Init(const char      *serviceName,
  mDomain = domain;
  mUsername = username;
  mPassword = password;
+  mNTLMNegotiateSent = false;

  static bool sTelemetrySent = false;
  if (!sTelemetrySent) {
@ -1030,16 +1031,29 @@ nsNTLMAuthModule::GetNextToken(const void *inToken,
  if (PK11_IsFIPS())
    return NS_ERROR_NOT_AVAILABLE;

-  // if inToken is non-null, then assume it contains a type 2 message...
-  if (inToken)
-  {
-    LogToken("in-token", inToken, inTokenLen);
-    rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
-                          inTokenLen, outToken, outTokenLen);
-  }
-  else
-  {
-    rv = GenerateType1Msg(outToken, outTokenLen);
+  if (mNTLMNegotiateSent) {
+    // if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
+    // then the NTLMSSP_CHALLENGE (type 2) is expected
+    if (inToken) {
+      LogToken("in-token", inToken, inTokenLen);
+      // Now generate the NTLMSSP_AUTH (type 3)
+      rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
+			    inTokenLen, outToken, outTokenLen);
+    } else {
+      LOG(("NTLMSSP_NEGOTIATE already sent and presumably "
+	   "rejected by the server, refusing to send another"));
+      rv = NS_ERROR_UNEXPECTED;
+    }
+  } else {
+    if (inToken) {
+      LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
+      rv = NS_ERROR_UNEXPECTED;
+    } else {
+      rv = GenerateType1Msg(outToken, outTokenLen);
+      if (NS_SUCCEEDED(rv)) {
+	mNTLMNegotiateSent = true;
+      }
+    }
  }

 #ifdef PR_LOGGING
--- a/security/manager/ssl/src/nsNTLMAuthModule.h
+++ b/security/manager/ssl/src/nsNTLMAuthModule.h
@ -28,6 +28,7 @@ private:
  nsString mDomain;
  nsString mUsername;
  nsString mPassword;
+  bool mNTLMNegotiateSent;
 };

 #define NS_NTLMAUTHMODULE_CONTRACTID \