** Description changed:

- gss-ntlmmssp sequence numbers are incorrect in 0.6.0. In 0.7.0 the
- following patch (which is most of the difference between the two
- versions) fixes sequence numbers. We discovered this testing OMI from
- Linux to Windows, but don't have a simpler test case we can provide.
+ [Impact]
+ gss-ntlmmssp sequence numbers are incorrect in 0.6.0. 0.7.0 fixes sequence 
numbers. We discovered this testing OMI from Linux to Windows, but don't have a 
simpler test case we can provide.
  
- ./ntlm_crypto.c
- 564a565,592
- > int ntlm_reset_rc4_state(uint32_t flags, bool recv,
- >                          struct ntlm_key *session_key,
- >                          struct ntlm_signseal_state *state)
- > {
- >     struct ntlm_buffer rc4_key;
- >     int ret;
- >
- >     if (!(flags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)) {
- >         return no_ext_sec_handle(flags, session_key,
- >                                  &state->send.seal_handle);
- >     }
- >
- >     if (recv) {
- >         RC4_FREE(&state->recv.seal_handle);
- >         rc4_key.data = state->recv.seal_key.data;
- >         rc4_key.length = state->recv.seal_key.length;
- >         ret = RC4_INIT(&rc4_key, NTLM_CIPHER_DECRYPT,
- >                        &state->recv.seal_handle);
- >     } else {
- >         RC4_FREE(&state->send.seal_handle);
- >         rc4_key.data = state->send.seal_key.data;
- >         rc4_key.length = state->send.seal_key.length;
- >         ret = RC4_INIT(&rc4_key, NTLM_CIPHER_ENCRYPT,
- >                        &state->send.seal_handle);
- >     }
- >     return ret;
- > }./gss_sec_ctx.c
- 432a433
- >         if (actual_mech_type) *actual_mech_type = 
discard_const(&gssntlm_oid);
- 992a994
- >         if (mech_type) *mech_type = discard_const(&gssntlm_oid);
- 1093a1096,1153
- > uint32_t gssntlm_set_seq_num(uint32_t *minor_status,
- >                              struct gssntlm_ctx *ctx,
- >                              const gss_buffer_t value)
- > {
- >     uint32_t retmin;
- >     uint32_t retmaj;
- >
- >     if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
- >         if (value->length != 4) {
- >             return GSSERRS(ERR_BADARG, GSS_S_FAILURE);
- >         }
- >         memcpy(&ctx->crypto_state.recv.seq_num,
- >                value->value, value->length);
- >         ctx->crypto_state.send.seq_num = ctx->crypto_state.recv.seq_num;
- >     } else {
- >         return GSSERRS(ERR_WRONGCTX, GSS_S_FAILURE);
- >     }
- >
- >     return GSSERRS(0, GSS_S_COMPLETE);
- > }
- >
- > gss_OID_desc reset_crypto_oid = {
- >     GSS_NTLMSSP_RESET_CRYPTO_OID_LENGTH,
- >     discard_const(GSS_NTLMSSP_RESET_CRYPTO_OID_STRING)
- > };
- >
- > uint32_t gssntlm_reset_crypto(uint32_t *minor_status,
- >                               struct gssntlm_ctx *ctx,
- >                               const gss_buffer_t value)
- > {
- >     uint32_t retmin;
- >     uint32_t retmaj;
- >
- >     if (value->length != 4) {
- >         return GSSERRS(ERR_BADARG, GSS_S_FAILURE);
- >     }
- >
- >     /* reset crypto state */
- >     if (ctx->neg_flags & (NTLMSSP_NEGOTIATE_SIGN |
- >                             NTLMSSP_NEGOTIATE_SEAL)) {
- >         uint32_t val;
- >
- >         memcpy(&val, value->value, value->length);
- >
- >         /* A val of 1 means we want to reset the verifier handle,
- >          * which is the receive handle for NTLM, otherwise we reset
- >          * the send handle. */
- >         retmin = ntlm_reset_rc4_state(ctx->neg_flags, (val == 1),
- >                                       &ctx->exported_session_key,
+ [Test case]
+ test OMI
  
- >                                       &ctx->crypto_state);
- >         if (retmin) {
- >             return GSSERRS(retmin, GSS_S_FAILURE);
- >         }
- >     }
- >
- >     return GSSERRS(0, GSS_S_COMPLETE);
- > }
- >
- 1114,1129c1174,1176
- <         if (ctx->gss_flags & GSS_C_DATAGRAM_FLAG) {
- <
- <             if (value->length != 4) {
- <                 set_GSSERR(ERR_BADARG);
- <                 goto done;
- <             }
- <
- <             memcpy(&ctx->crypto_state.recv.seq_num,
- <                    value->value, value->length);
- <             ctx->crypto_state.send.seq_num = ctx->crypto_state.recv.seq_num;
- <             set_GSSERRS(0, GSS_S_COMPLETE);
- <             goto done;
- <         } else {
- <             set_GSSERRS(ERR_WRONGCTX, GSS_S_FAILURE);
- <             goto done;
- <         }
- ---
- >         return gssntlm_set_seq_num(minor_status, ctx, value);
- >     } else if (gss_oid_equal(desired_object, &reset_crypto_oid)) {
- >         return gssntlm_reset_crypto(minor_status, ctx, value);
- 1132,1135c1179
- <     set_GSSERRS(ERR_BADARG, GSS_S_UNAVAILABLE);
- <
+ [Regression potential]
+ none, since the old package simply didn't work due to a packaging goof 
(config file had awrong name)
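Review bot: The new "[Regression potential] none" entry understates the update, because the description text it replaces shows 0.7.0 adding code that touches signing and sealing state: `ntlm_reset_rc4_state` frees and re-initialises the RC4 seal handle from the same seal key, and a new `reset_crypto_oid` branch in gss_sec_ctx.c lets a caller trigger that reset through the context-option path. Re-initialising RC4 restarts the keystream, so whoever verifies the package should confirm that sign/seal still interoperates and that the reset is only reachable where the protocol expects it; that appears to be the intent, but the description no longer says so. I would reword the entry along the lines of `[Regression potential] Low; 0.7.0 adds a reset-crypto context option and refactors sequence-number handling, so sign/seal against Windows peers should be re-tested`. I would also expand `[Test case]` beyond "test OMI" with the steps run and the expected result.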

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1653278

Title:
  Update gss-ntlmssp to 0.7.0 to correct sequence numbering mismatch
