Ejemplo n.º 1
0
void Client::handleCommand_Hello(NetworkPacket* pkt)
{
	if (pkt->getSize() < 1)
		return;

	u8 serialization_ver;
	u16 proto_ver;
	u16 compression_mode;
	u32 auth_mechs;
	std::string username_legacy; // for case insensitivity
	*pkt >> serialization_ver >> compression_mode >> proto_ver
		>> auth_mechs >> username_legacy;

	// Chose an auth method we support
	AuthMechanism chosen_auth_mechanism = choseAuthMech(auth_mechs);

	infostream << "Client: TOCLIENT_HELLO received with "
			<< "serialization_ver=" << (u32)serialization_ver
			<< ", auth_mechs=" << auth_mechs
			<< ", proto_ver=" << proto_ver
			<< ", compression_mode=" << compression_mode
			<< ". Doing auth with mech " << chosen_auth_mechanism << std::endl;

	if (!ser_ver_supported(serialization_ver)) {
		infostream << "Client: TOCLIENT_HELLO: Server sent "
				<< "unsupported ser_fmt_ver"<< std::endl;
		return;
	}

	m_server_ser_ver = serialization_ver;
	m_proto_ver = proto_ver;

	//TODO verify that username_legacy matches sent username, only
	// differs in casing (make both uppercase and compare)
	// This is only neccessary though when we actually want to add casing support

	if (m_chosen_auth_mech != AUTH_MECHANISM_NONE) {
		// we recieved a TOCLIENT_HELLO while auth was already going on
		errorstream << "Client: TOCLIENT_HELLO while auth was already going on"
			<< "(chosen_mech=" << m_chosen_auth_mech << ")." << std::endl;
		if ((m_chosen_auth_mech == AUTH_MECHANISM_SRP)
				|| (m_chosen_auth_mech == AUTH_MECHANISM_LEGACY_PASSWORD)) {
			srp_user_delete((SRPUser *) m_auth_data);
			m_auth_data = 0;
		}
	}

	// Authenticate using that method, or abort if there wasn't any method found
	if (chosen_auth_mechanism != AUTH_MECHANISM_NONE) {
		startAuth(chosen_auth_mechanism);
	} else {
		m_chosen_auth_mech = AUTH_MECHANISM_NONE;
		m_access_denied = true;
		m_access_denied_reason = "Unknown";
		m_con.Disconnect();
	}

}
Ejemplo n.º 2
0
OM_uint32
ntlm_gss_delete_sec_context(
                OM_uint32 *minor_status,
                gss_ctx_id_t *context_handle,
                gss_buffer_t output_token)
{
    ntlm_gss_ctx_id_t ntlm_ctx = NULL;
    OM_uint32 ret = GSS_S_COMPLETE;
      
    if (context_handle == NULL)
    {
        return (GSS_S_FAILURE);
    }

    ntlm_ctx = (ntlm_gss_ctx_id_t) *context_handle;
    if (ntlm_ctx->upn_name)
    {
        free(ntlm_ctx->upn_name);
    }

    if (ntlm_ctx->ntlm_session_key)
    {
        free(ntlm_ctx->ntlm_session_key);
    }

    if (ntlm_ctx->ntlm_usr)
    {
        srp_user_delete(ntlm_ctx->ntlm_usr);
        ntlm_ctx->ntlm_usr = NULL;
    }
    
    if (ntlm_ctx->ntlm_ver)
    {
        srp_verifier_delete(ntlm_ctx->ntlm_ver);
        ntlm_ctx->ntlm_ver = NULL;
    }

    if (ntlm_ctx->mech)
    {
        OM_uint32 min_tmp = GSS_S_COMPLETE;
        gss_release_oid(&min_tmp, &ntlm_ctx->mech);
    }

    krb5_free_keyblock(ntlm_ctx->krb5_ctx, ntlm_ctx->keyblock);
    ntlm_ctx->keyblock = NULL;

    krb5_free_context(ntlm_ctx->krb5_ctx);
    ntlm_ctx->krb5_ctx = NULL;

    free(*context_handle);
    *context_handle = NULL;
    return (ret);
}
Ejemplo n.º 3
0
void Client::deleteAuthData()
{
	if (!m_auth_data)
		return;

	switch (m_chosen_auth_mech) {
		case AUTH_MECHANISM_FIRST_SRP:
			break;
		case AUTH_MECHANISM_SRP:
		case AUTH_MECHANISM_LEGACY_PASSWORD:
			srp_user_delete((SRPUser *) m_auth_data);
			m_auth_data = NULL;
			break;
		case AUTH_MECHANISM_NONE:
			break;
	}
}