gssapi: SPNEGO does not reset NTLM RC4 state (#509)

lib/gssapi/spnego/accept_sec_context.c

@@ -236,6 +236,10 @@ send_accept (OM_uint32 *minor_status,
 			  0,
 			  mech_buf,
 			  &mech_mic_buf);
+	if (ret == GSS_S_COMPLETE &&
+	    gss_oid_equal(context_handle->negotiated_mech_type,
+			  GSS_NTLM_MECHANISM))
+	    _gss_spnego_ntlm_reset_crypto(minor_status, context_handle, 0);
 	if (ret == GSS_S_COMPLETE) {
 	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
 	    if (nt.u.negTokenResp.mechListMIC == NULL) {

lib/gssapi/spnego/compat.c

@@ -315,3 +315,19 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
 
     return ret;
 }
+
+OM_uint32
+_gss_spnego_ntlm_reset_crypto(OM_uint32 *minor_status,
+			      gssspnego_ctx ctx,
+			      OM_uint32 verify)
+{
+    gss_buffer_desc value;
+
+    value.length = sizeof(verify);
+    value.value = &verify;
+
+    return gss_set_sec_context_option(minor_status,
+				      &ctx->negotiated_ctx_id,
+				      GSS_C_NTLM_RESET_CRYPTO,
+				      &value);
+}

lib/gssapi/spnego/init_sec_context.c

@@ -136,6 +136,9 @@ spnego_reply_internal(OM_uint32 *minor_status,
 			  0,
 			  mech_buf,
 			  &mic_buf);
+	if (ret == GSS_S_COMPLETE &&
+	    gss_oid_equal(context_handle->negotiated_mech_type, GSS_NTLM_MECHANISM))
+	    _gss_spnego_ntlm_reset_crypto(minor_status, context_handle, 0);
 	if (ret == GSS_S_COMPLETE) {
 	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
 	    if (nt.u.negTokenResp.mechListMIC == NULL) {
@@ -580,6 +583,9 @@ spnego_reply
 				 &mech_buf,
 				 &mic_buf,
 				 NULL);
+	   if (ret == GSS_S_COMPLETE &&
+	       gss_oid_equal(ctx->negotiated_mech_type, GSS_NTLM_MECHANISM))
+		_gss_spnego_ntlm_reset_crypto(minor_status, ctx, 1);
 	   if (ret) {
 		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 		free(mech_buf.value);