| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
We never use these fields, so do not even attempt to decode them
just ignore completely.
|
| |
|
|
|
|
|
|
|
|
| |
Seem like some very old NTLM server may omit the target_info field
entirely in the Challenge message, although MS-NLMP says modern clients
SHOULD send and empty target info header even when no target info is being
sent.
Allow to interoperate with these old servers but always set the
target_info field when we generate Challenge packets.
|
| |
|
|
|
| |
Domain name is really just optional, only computer name is mandatory.
Domain name can be empty if the server is not a domain member.
|
| |
|
|
|
| |
struct wire_auth_msg was already there, we're about to want access to
struct wire_chal_msg, and we might as well keep them together.
|
| | |
|
| |
|
|
|
|
| |
MS-NLMP 3.1.5.1.2 says a client must fail to communicate if NTLMv2
is used, Integrity or Confidentiality are required and NetBIOS Computer
or Domain Name are not present in the Challenge message from the server.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The target_info structure embedded in the NT Response message in NTLMv2
contains information needed to establish if the client has sent a valid
MIC. So we need to extract and return it if the caller requested it.
Also moves some wire structures definitions in common to be able to
reuse them.
|
| |
|
|
|
| |
If integrity is requested by any party then the MIC, if requested by the
server will be generated, otherwise it will not be.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Thi re-encoded the target_info structure at the client side adding
additional provisions of MS-NLMP 3.1.5.2.1
That is:
- generate indication that a MIC is requested by the server
- add ClientSuppliedTargetName data
|
| |
|
|
| |
This is useufl to use test vetors w/o altering them
|
| |
|
|
| |
It is never and should never be touched so const char * is better.
|
| |
|
|
|
|
|
|
|
|
|
| |
If a server send a target_info field in a challenge message it means
it does not need nor want a LM Response.
See also MS-NLMP 3.1.5.1.2
The authenticate message must alwyas send a lm_chalresp and a nt_chalresp
fields in the header but they will be simply zero length, yet the payload
pointer must point to the valid payload area. (Windows server fail
authentication if the LM Response buffer offset is zero).
|
| |
|
|
|
|
| |
Missed to see that the server set timestamp and flags.
This was preventing MICs from being generated from the client among other
things.
|
| |
|
|
| |
It was off by a factor of 10
|
| |
|
|
|
|
|
|
|
|
|
| |
The init context function was improperly initializing the ctx variable (too
late) when some early error conditions can happen. Therefore passing to the
delete context function a random memory address it would then try to free.
This wuld cause a SEGFAULT in most cases.
Additionally unfortunately iconv_close() does not follow good practices and
blindignly dereferences data, even if the passed in pointer is NULL.
So add a check before calling.
|
| |
|
|
| |
Including tests to verify conformance to MS-NLMP
|
| |
|
|
| |
For now works only for satndalone server with access to a password file.
|
| | |
|
| |
|
|
|
| |
The size of the AV filed itself was missing for each field resulting in a
shorter than needed buffer size.
|
| | |
|
| |
|
|
| |
Adds crypto function helpers needed by NTLM authentication
|
|
|
Implements functions to encode/decode NTLMSSP packets
|
