wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 734229 - Partially address by refusing to re-negotiate on NTLM. r=mayhemer, r=keeler

Browse Source 
Now only one NTLM Negotiate packet will be sent per connection, rather
than again after a failed authentication.  The problem situation is
triggered due to failed Negotiate authentication, and is probably more
complex.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2014-11-28 11:34:06 +13:00
parent 88f103be1a
commit 0b2e75f4be
2 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
security/manager/ssl/src/nsNTLMAuthModule.cpp
View File

@ -1002,6 +1002,7 @@ nsNTLMAuthModule::Init(const char *serviceName,
mDomain = domain; mDomain = domain;
mUsername = username; mUsername = username;
mPassword = password; mPassword = password;
mNTLMNegotiateSent = false;
static bool sTelemetrySent = false; static bool sTelemetrySent = false;
if (!sTelemetrySent) { if (!sTelemetrySent) {
@ -1030,16 +1031,29 @@ nsNTLMAuthModule::GetNextToken(const void *inToken,
if (PK11_IsFIPS()) if (PK11_IsFIPS())
return NS_ERROR_NOT_AVAILABLE; return NS_ERROR_NOT_AVAILABLE;
// if inToken is non-null, then assume it contains a type 2 message... if (mNTLMNegotiateSent) {
if (inToken) // if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
{ // then the NTLMSSP_CHALLENGE (type 2) is expected
LogToken("in-token", inToken, inTokenLen); if (inToken) {
rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken, LogToken("in-token", inToken, inTokenLen);
inTokenLen, outToken, outTokenLen); // Now generate the NTLMSSP_AUTH (type 3)
} rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
else inTokenLen, outToken, outTokenLen);
{ } else {
rv = GenerateType1Msg(outToken, outTokenLen); LOG(("NTLMSSP_NEGOTIATE already sent and presumably "
"rejected by the server, refusing to send another"));
rv = NS_ERROR_UNEXPECTED;
}
} else {
if (inToken) {
LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
rv = NS_ERROR_UNEXPECTED;
} else {
rv = GenerateType1Msg(outToken, outTokenLen);
if (NS_SUCCEEDED(rv)) {
mNTLMNegotiateSent = true;
}
}
} }
#ifdef PR_LOGGING #ifdef PR_LOGGING

1
security/manager/ssl/src/nsNTLMAuthModule.h
View File

@ -28,6 +28,7 @@ private:
nsString mDomain; nsString mDomain;
nsString mUsername; nsString mUsername;
nsString mPassword; nsString mPassword;
bool mNTLMNegotiateSent;
}; };
#define NS_NTLMAUTHMODULE_CONTRACTID \ #define NS_NTLMAUTHMODULE_CONTRACTID \