CVE-2016-2110: auth/ntlmssp: implement gensec_ntlmssp_may_reset_crypto()

[MS-SPNG] requires the NTLMSSP RC4 states to be reset after the SPNEGO exchange with mechListMic verification (new_spnego). The 'reset_full' parameter is needed to support the broken behavior that windows only resets the RC4 states but not the sequence numbers. Which means this functionality is completely useless... But we want to work against all windows versions... BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2013-12-17 11:49:31 +0100
committer: Stefan Metzmacher <metze@samba.org> 2016-04-12 19:25:23 +0200
commit: 8cd1a2a118b544af7d08a3b79cdbd09384d86af3 (patch)
tree: 97968a65b419a85063d5d517ce94d3fe76a4a5ea /auth/ntlmssp/ntlmssp.h
parent: fa8c65626e33be66c707931f7a4fc1e2798823a4 (diff)
download: samba-8cd1a2a118b544af7d08a3b79cdbd09384d86af3.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h
index 8c254f36e83..bb8807df425 100644
--- a/auth/ntlmssp/ntlmssp.h
+++ b/auth/ntlmssp/ntlmssp.h
@@ -130,6 +130,8 @@ NTSTATUS ntlmssp_unwrap(struct ntlmssp_state *ntlmssp_stae,
 			TALLOC_CTX *out_mem_ctx,
 			const DATA_BLOB *in,
 			DATA_BLOB *out);
+NTSTATUS ntlmssp_sign_reset(struct ntlmssp_state *ntlmssp_state,
+			    bool reset_seqnums);
 NTSTATUS ntlmssp_sign_init(struct ntlmssp_state *ntlmssp_state);
 
 bool ntlmssp_blob_matches_magic(const DATA_BLOB *blob);
author	Stefan Metzmacher <metze@samba.org>	2013-12-17 11:49:31 +0100
committer	Stefan Metzmacher <metze@samba.org>	2016-04-12 19:25:23 +0200
commit	8cd1a2a118b544af7d08a3b79cdbd09384d86af3 (patch)
tree	97968a65b419a85063d5d517ce94d3fe76a4a5ea /auth/ntlmssp/ntlmssp.h
parent	fa8c65626e33be66c707931f7a4fc1e2798823a4 (diff)
download	samba-8cd1a2a118b544af7d08a3b79cdbd09384d86af3.tar.gz