void Client::handleCommand_Hello(NetworkPacket* pkt) { if (pkt->getSize() < 1) return; u8 serialization_ver; u16 proto_ver; u16 compression_mode; u32 auth_mechs; std::string username_legacy; // for case insensitivity *pkt >> serialization_ver >> compression_mode >> proto_ver >> auth_mechs >> username_legacy; // Chose an auth method we support AuthMechanism chosen_auth_mechanism = choseAuthMech(auth_mechs); infostream << "Client: TOCLIENT_HELLO received with " << "serialization_ver=" << (u32)serialization_ver << ", auth_mechs=" << auth_mechs << ", proto_ver=" << proto_ver << ", compression_mode=" << compression_mode << ". Doing auth with mech " << chosen_auth_mechanism << std::endl; if (!ser_ver_supported(serialization_ver)) { infostream << "Client: TOCLIENT_HELLO: Server sent " << "unsupported ser_fmt_ver"<< std::endl; return; } m_server_ser_ver = serialization_ver; m_proto_ver = proto_ver; //TODO verify that username_legacy matches sent username, only // differs in casing (make both uppercase and compare) // This is only neccessary though when we actually want to add casing support if (m_chosen_auth_mech != AUTH_MECHANISM_NONE) { // we recieved a TOCLIENT_HELLO while auth was already going on errorstream << "Client: TOCLIENT_HELLO while auth was already going on" << "(chosen_mech=" << m_chosen_auth_mech << ")." << std::endl; if ((m_chosen_auth_mech == AUTH_MECHANISM_SRP) || (m_chosen_auth_mech == AUTH_MECHANISM_LEGACY_PASSWORD)) { srp_user_delete((SRPUser *) m_auth_data); m_auth_data = 0; } } // Authenticate using that method, or abort if there wasn't any method found if (chosen_auth_mechanism != AUTH_MECHANISM_NONE) { startAuth(chosen_auth_mechanism); } else { m_chosen_auth_mech = AUTH_MECHANISM_NONE; m_access_denied = true; m_access_denied_reason = "Unknown"; m_con.Disconnect(); } }
OM_uint32 ntlm_gss_delete_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token) { ntlm_gss_ctx_id_t ntlm_ctx = NULL; OM_uint32 ret = GSS_S_COMPLETE; if (context_handle == NULL) { return (GSS_S_FAILURE); } ntlm_ctx = (ntlm_gss_ctx_id_t) *context_handle; if (ntlm_ctx->upn_name) { free(ntlm_ctx->upn_name); } if (ntlm_ctx->ntlm_session_key) { free(ntlm_ctx->ntlm_session_key); } if (ntlm_ctx->ntlm_usr) { srp_user_delete(ntlm_ctx->ntlm_usr); ntlm_ctx->ntlm_usr = NULL; } if (ntlm_ctx->ntlm_ver) { srp_verifier_delete(ntlm_ctx->ntlm_ver); ntlm_ctx->ntlm_ver = NULL; } if (ntlm_ctx->mech) { OM_uint32 min_tmp = GSS_S_COMPLETE; gss_release_oid(&min_tmp, &ntlm_ctx->mech); } krb5_free_keyblock(ntlm_ctx->krb5_ctx, ntlm_ctx->keyblock); ntlm_ctx->keyblock = NULL; krb5_free_context(ntlm_ctx->krb5_ctx); ntlm_ctx->krb5_ctx = NULL; free(*context_handle); *context_handle = NULL; return (ret); }
void Client::deleteAuthData() { if (!m_auth_data) return; switch (m_chosen_auth_mech) { case AUTH_MECHANISM_FIRST_SRP: break; case AUTH_MECHANISM_SRP: case AUTH_MECHANISM_LEGACY_PASSWORD: srp_user_delete((SRPUser *) m_auth_data); m_auth_data = NULL; break; case AUTH_MECHANISM_NONE: break; } }