| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Free RC4 state if any
Free workstations tring if any
Also make sure to safely zero the struct before freeing to avoid leaking any
key material.
|
| |
|
|
|
| |
There is no need to copy creds around, they are always available
or retrievable.
|
| | |
|
| |
|
|
| |
Thanks to Stefan Becker <chemobejk@gmail.com> for finding this leak.
|
| |
|
|
|
| |
Can't use ':' in the prefix name as ':' is the separator between prefix and
values.
|
| |
|
|
| |
Also add simple sanity check test.
|
| |
|
|
| |
Including tests to verify conformance to MS-NLMP
|
| | |
|
| |
|
|
|
| |
In connectionless mode (GSS_C_DATAGRAM_FLAG on) sealing keys
ust be rotated for each message.
|
| |
|
|
|
|
|
|
|
|
|
| |
In NTLMSSP connectionless mode applications are supposed to provide the
sequence number, however GSSAPI's get_mic and verify_mic functions do
not allow to pass an explicit sequence number.
Allow to override the context sequence numbers using a custom oid and
implemnting gss_set_sec_context_option()
Allows the operation only if the context is in connectionless mode.
|
| |
|
|
|
| |
This needs a new GSSAPI flag, for now grab a number and define
GSS_C_DATAGRAM_FLAG ourselves.
|
| |
|
|
|
| |
This contains definitions for various OIDs and flags needed to
implemented non-standard features like NTLMSSP Connectionless mode.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When enterprise names are used they need to be passed with the embedded
'@' signed escaped with a '\', when that is done the whole name is used
as the user name and the name is not split on the @ or \ characters.
These forms are now supported:
foo
USERNAME: foo
DOMAIN: <null>
BAR\foo
USERNAME: foo
DOMAIN: BAR
foo@BAR
USERNAME: foo
DOMAIN: BAR
foo\@bar.example.com
USERNAME: foo\@bar.example.com
DOMAIN: <null>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Fix segafult in NTOWFv2. When domain is NULL it is just omitted from the
NTOWFv2 computation.
Fix segfault in accept_sec_context, just make dom_name be an empty string.
Fix also memory leaks.
|
| |
|
|
| |
Make sure to set the cred type and copy in the name.
|
| | |
|
| |
|
|
| |
Also add source and target names to the context.
|
| | |
|
| |
|
|
| |
For now works only for satndalone server with access to a password file.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also stop associating it with th creds struct.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Check Maxlife for challenge response messages.
Also add a Maximum lifetime for the context itself based on the
same challene/response maximum life.
According to MS-NLMP MaxLifetime is 36h on modern Windows OSs, use
the same for now.
|
| |
|
|
|
| |
This allows a program to feed crdentials directly to GSSAPI from a
configuration file, or other means.
|
| | |
|
| |
|
|
|
| |
The size of the AV filed itself was missing for each field resulting in a
shorter than needed buffer size.
|
| |
|
|
|
|
|
| |
Otherwise Windows 2003 may not return a target_info field for NTLMv2 or a
server name for NTLMv1 in the challenge message.
Thanks to David Woodhouse for providing help to debug this issue.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Implements init sec context and basic mechanism initialization.
|
| |
|
|
| |
Adds crypto function helpers needed by NTLM authentication
|
| |
|
|
| |
Implements functions to encode/decode NTLMSSP packets
|
| |
|
