| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Gets the target_info structure from the NT Response (if any is available)
and extract the av_flags.
If the appropriate flag is set verify the MIC previously extracted.
|
|
|
|
|
|
|
|
|
| |
The target_info structure embedded in the NT Response message in NTLMv2
contains information needed to establish if the client has sent a valid
MIC. So we need to extract and return it if the caller requested it.
Also moves some wire structures definitions in common to be able to
reuse them.
|
|
|
|
|
| |
If integrity is requested by any party then the MIC, if requested by the
server will be generated, otherwise it will not be.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Target_info can be optional, but it conflicts with channel bindings being
requesed.
|
|
|
|
|
|
|
|
|
| |
Thi re-encoded the target_info structure at the client side adding
additional provisions of MS-NLMP 3.1.5.2.1
That is:
- generate indication that a MIC is requested by the server
- add ClientSuppliedTargetName data
|
|
|
|
|
| |
This way we can remove the hacked test vectors where we changed
the version fields.
|
|
|
|
| |
This is useufl to use test vetors w/o altering them
|
| |
|
|
|
|
|
|
|
| |
The calculation was right but some unnecessary assignments were left
from a previous version.
Also make the length computation more obvious.
|
|
|
|
|
|
| |
wire_lm_response is just the same thing as wire_ntlm_response, the
only difference is how cli_chal is defined but it is not important
from a usage p[oint of view.
|
|
|
|
| |
It is never and should never be touched so const char * is better.
|
|
|
|
|
| |
If the client allows only 128bit security but the server does not offer
it, then fail the authentication.
|
|
|
|
|
|
|
|
|
|
|
| |
If a server send a target_info field in a challenge message it means
it does not need nor want a LM Response.
See also MS-NLMP 3.1.5.1.2
The authenticate message must alwyas send a lm_chalresp and a nt_chalresp
fields in the header but they will be simply zero length, yet the payload
pointer must point to the valid payload area. (Windows server fail
authentication if the LM Response buffer offset is zero).
|
|
|
|
|
| |
MS-NLMP 3.1.5.1.1 recommends to set the extended session security flag
if LM authentication is not going to be used.
|
|
|
|
|
|
| |
Missed to see that the server set timestamp and flags.
This was preventing MICs from being generated from the client among other
things.
|
|
|
|
|
|
|
| |
The calling application may want to check what flags were actually
negotiated.
Spnego also depends on the mechanism properly returning flags when
integrity is negotiated for MIC purposes.
|
| |
|
|
|
|
| |
It was off by a factor of 10
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The init context function was improperly initializing the ctx variable (too
late) when some early error conditions can happen. Therefore passing to the
delete context function a random memory address it would then try to free.
This wuld cause a SEGFAULT in most cases.
Additionally unfortunately iconv_close() does not follow good practices and
blindignly dereferences data, even if the passed in pointer is NULL.
So add a check before calling.
|
| |
|
| |
|
| |
|
|
|
|
| |
Easier to use from clients this way.
|
| |
|
| |
|
|
|
|
|
| |
The Export format version is set to 0.1
Long term keys are not exported.
|
| |
|
|
|
|
|
| |
This makes it much easier to export/import the crypto state.
In preparation for implemeting import/export of context.
|
|
|
|
|
|
|
|
| |
Free RC4 state if any
Free workstations tring if any
Also make sure to safely zero the struct before freeing to avoid leaking any
key material.
|
|
|
|
|
| |
There is no need to copy creds around, they are always available
or retrievable.
|
| |
|
|
|
|
| |
Thanks to Stefan Becker <chemobejk@gmail.com> for finding this leak.
|
| |
|
|
|
|
|
| |
Can't use ':' in the prefix name as ':' is the separator between prefix and
values.
|
| |
|
|
|
|
| |
Also add simple sanity check test.
|
|
|
|
| |
Including tests to verify conformance to MS-NLMP
|
| |
|
| |
|
| |
|
| |
|