summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Test Challenge V2 message with CBT test vectorsSimo Sorce2014-05-041-7/+465
|
* Verify Channel Bindings in accept_sec_contextSimo Sorce2014-05-041-1/+24
|
* Add support for setting CBT in the clientSimo Sorce2014-05-043-2/+28
|
* Add function to verify Channel Binding TokenSimo Sorce2014-05-042-0/+27
|
* Add function to calculate channel bindings hashSimo Sorce2014-05-042-0/+39
|
* Get av_flags and check MIC if a client sent itSimo Sorce2014-05-041-4/+25
| | | | | | | Gets the target_info structure from the NT Response (if any is available) and extract the av_flags. If the appropriate flag is set verify the MIC previously extracted.
* Return target_info from ntlm_decode_auth_msgSimo Sorce2014-05-046-31/+56
| | | | | | | | | The target_info structure embedded in the NT Response message in NTLMv2 contains information needed to establish if the client has sent a valid MIC. So we need to extract and return it if the caller requested it. Also moves some wire structures definitions in common to be able to reuse them.
* Make MIC conditional on integrity being requestedSimo Sorce2014-05-043-3/+6
| | | | | If integrity is requested by any party then the MIC, if requested by the server will be generated, otherwise it will not be.
* Compute MIC in the client when requestedSimo Sorce2014-05-042-4/+24
|
* Add function to verify MICsSimo Sorce2014-05-044-46/+104
|
* Add function to calculate MICSimo Sorce2014-05-042-0/+42
|
* Use target_info parsing helperSimo Sorce2014-05-041-36/+30
| | | | | Target_info can be optional, but it conflicts with channel bindings being requesed.
* Augment target_info processing with a utilitySimo Sorce2014-05-042-0/+91
| | | | | | | | | Thi re-encoded the target_info structure at the client side adding additional provisions of MS-NLMP 3.1.5.2.1 That is: - generate indication that a MIC is requested by the server - add ClientSuppliedTargetName data
* Set version before tests that use MS test vectorsSimo Sorce2014-05-041-36/+17
| | | | | This way we can remove the hacked test vectors where we changed the version fields.
* Add internal facility to override standard versionSimo Sorce2014-05-042-8/+31
| | | | This is useufl to use test vetors w/o altering them
* Retry auth with NULL Domain as per specSimo Sorce2014-05-041-23/+37
|
* Remove unnecessary assignmentsSimo Sorce2014-05-041-4/+3
| | | | | | | The calculation was right but some unnecessary assignments were left from a previous version. Also make the length computation more obvious.
* Remove redundant definitionSimo Sorce2014-05-041-17/+4
| | | | | | wire_lm_response is just the same thing as wire_ntlm_response, the only difference is how cli_chal is defined but it is not important from a usage p[oint of view.
* Change input parameter to be constSimo Sorce2014-05-042-2/+2
| | | | It is never and should never be touched so const char * is better.
* Fail if the encryption level is not matchedSimo Sorce2014-05-041-0/+6
| | | | | If the client allows only 128bit security but the server does not offer it, then fail the authentication.
* Do not send LM Response on auth to modern serversSimo Sorce2014-05-042-17/+23
| | | | | | | | | | | If a server send a target_info field in a challenge message it means it does not need nor want a LM Response. See also MS-NLMP 3.1.5.1.2 The authenticate message must alwyas send a lm_chalresp and a nt_chalresp fields in the header but they will be simply zero length, yet the payload pointer must point to the valid payload area. (Windows server fail authentication if the LM Response buffer offset is zero).
* Always use Extedned Session Security when possibleSimo Sorce2014-05-041-0/+1
| | | | | MS-NLMP 3.1.5.1.1 recommends to set the extended session security flag if LM authentication is not going to be used.
* Fix missing assignments in ntlm_decode_target_infoSimo Sorce2014-05-041-2/+4
| | | | | | Missed to see that the server set timestamp and flags. This was preventing MICs from being generated from the client among other things.
* Return flags and time when requestedSimo Sorce2014-05-041-0/+14
| | | | | | | The calling application may want to check what flags were actually negotiated. Spnego also depends on the mechanism properly returning flags when integrity is negotiated for MIC purposes.
* Return Client name if requestedSimo Sorce2014-04-121-0/+9
|
* Fix epoch valueSimo Sorce2014-04-121-1/+1
| | | | It was off by a factor of 10
* Release 0.3.1v0.3.1Simo Sorce2014-01-261-1/+1
|
* Fix segfault in init context.Simo Sorce2014-01-262-6/+11
| | | | | | | | | | | The init context function was improperly initializing the ctx variable (too late) when some early error conditions can happen. Therefore passing to the delete context function a random memory address it would then try to free. This wuld cause a SEGFAULT in most cases. Additionally unfortunately iconv_close() does not follow good practices and blindignly dereferences data, even if the passed in pointer is NULL. So add a check before calling.
* Release 0.3.0v0.3.0Simo Sorce2014-01-121-1/+1
|
* Implement Import/Export cred functionsexport_credSimo Sorce2014-01-123-0/+216
|
* Generalize export_state and related functionsSimo Sorce2014-01-121-75/+82
|
* Expose cred store names in public header file.Simo Sorce2014-01-123-6/+8
| | | | Easier to use from clients this way.
* Test export/import context functionsexport_ctxSimo Sorce2013-12-151-0/+35
|
* Implement import context functionSimo Sorce2013-12-151-1/+313
|
* Implement export context functionSimo Sorce2013-12-155-1/+434
| | | | | The Export format version is set to 0.1 Long term keys are not exported.
* Add import/export functions for the RC4 stateSimo Sorce2013-12-152-0/+56
|
* Use RC4 instead of EVP interface of opensslSimo Sorce2013-12-151-49/+10
| | | | | This makes it much easier to export/import the crypto state. In preparation for implemeting import/export of context.
* Fix potential leaks in delete_contextSimo Sorce2013-12-151-0/+6
| | | | | | | | Free RC4 state if any Free workstations tring if any Also make sure to safely zero the struct before freeing to avoid leaking any key material.
* Do not copy creds on the contextSimo Sorce2013-12-152-63/+51
| | | | | There is no need to copy creds around, they are always available or retrievable.
* Fix memleaks in init_sec_contextStefan Becker2013-12-131-1/+3
|
* Fix memory leak with gssntlm_namesSimo Sorce2013-12-131-1/+1
| | | | Thanks to Stefan Becker <chemobejk@gmail.com> for finding this leak.
* Fix spec file krb5-libs depSimo Sorce2013-11-231-1/+1
|
* Fix NTLM specific cred_store prefixesSimo Sorce2013-11-231-3/+3
| | | | | Can't use ':' in the prefix name as ':' is the separator between prefix and values.
* Bump up version number to prerelease levelSimo Sorce2013-10-241-1/+1
|
* Add methods to inquire credentialsSimo Sorce2013-10-244-0/+165
| | | | Also add simple sanity check test.
* Add support for NTLMv1 Signing and SealingSimo Sorce2013-10-233-49/+134
| | | | Including tests to verify conformance to MS-NLMP
* Add CRC32 function using Zlib's crc32Simo Sorce2013-10-234-0/+161
|
* Fix URLs with new upstream locationsSimo Sorce2013-10-231-2/+2
|
* Release 0.2.0v0.2.0Simo Sorce2013-10-181-1/+1
|
* Test connectionless contextsconnectionlessSimo Sorce2013-10-181-2/+233
|
generated by cgit (git 2.34.1) at 2024-06-21 17:27:56 +0000