Simo Sorce [Sat, 12 Jul 2014 12:25:18 +0000 (08:25 -0400)]
Silence const errors
Simo Sorce [Sat, 12 Jul 2014 12:23:24 +0000 (08:23 -0400)]
Cast to (char *) not (void *) to do pointer math
Simo Sorce [Sat, 12 Jul 2014 12:19:20 +0000 (08:19 -0400)]
Add gss_localname support
Uses the fully qualified name and falls back to simple user name and
calls getpwnam_r() to resolve a local name. If the user is not known
to the nsswitch subsystem it returns a failure.
Simo Sorce [Thu, 10 Jul 2014 16:03:28 +0000 (12:03 -0400)]
Handle missing name calling acquire creds.
In the GSS_C_ACCEPT (acceptor/server) case we would end up segfaulting
if no name was provided. Instead allow a null desired_name and load
the default server name if none is passed in, just like
gss_accept_sec_context() does in this case.
Simo Sorce [Sat, 21 Jun 2014 18:34:33 +0000 (14:34 -0400)]
Release 0.4.0
Simo Sorce [Sat, 17 May 2014 13:40:22 +0000 (15:40 +0200)]
Fix const warnings
Just discard the const and silence the warnings, where safe;
rework assignments where possible.
Simo Sorce [Thu, 15 May 2014 11:56:20 +0000 (13:56 +0200)]
Fix Makefile cflags use
Simo Sorce [Sat, 17 May 2014 13:30:34 +0000 (15:30 +0200)]
Fix memory leak in NTLMv2 acceptor code
Simo Sorce [Mon, 5 May 2014 22:26:16 +0000 (18:26 -0400)]
Release Candidate 2 for 0.4.0
Simo Sorce [Mon, 5 May 2014 21:05:50 +0000 (17:05 -0400)]
Add way to talk about MIC with SPNEGO
As agreed with MIT people, add an inquire mechanism that serves 2 roles.
On the one hand, if the spnego mechanism makes this call at all it means
it is recent enough to support forcing the mechlistMIC on if we create
an Authenticate message MIC. So remove the environment variable and
instead depend on the SPNEGO layer to call this function before the
Authenticate token is generated (usually right after the Negotiate token
has been produced).
On the other hand if this function has been called assume SPNEGO will
call again right after the authenticate message has been generated to
know whether the mechlistMIC needs to be added.
Simo Sorce [Sun, 6 Apr 2014 22:27:13 +0000 (18:27 -0400)]
Release Candidate 1 for 0.4.0
Simo Sorce [Thu, 10 Apr 2014 01:11:31 +0000 (21:11 -0400)]
Disable MIC by default.
The environment variable NTLMSSP_ENABLE_MIC will enable setting the MIC if
requested by the server when it is set to '1'.
It is disabled by default because it works only with a patched SPNEGO library
that will always set the mechlistMIC on the authenticate packet if we report
that integrity is enabled.
If the library is unpatched it has also been observed that Firefox will go in
an infinite authentication loop while it keeps trying to make requests that are
always denied.
Simo Sorce [Sun, 13 Apr 2014 01:42:25 +0000 (21:42 -0400)]
Provide the correct target name in the challenge
MS-NLMP prescribes in 3.2.5.1.1 that the server should send the
NetBIOS Domain name if joined to a domain or the NetBIOS computer
name if standalone. Never the DNS computer name.
Also do not add a target_name entry in the target_info field, it is
not required and Windows does not do that.
Simo Sorce [Mon, 7 Apr 2014 03:26:44 +0000 (23:26 -0400)]
Check netbios computer and domain name when needed
MS-NLMP 3.1.5.1.2 says a client must fail to communicate if NTLMv2
is used, Integrity or Confidentiality are required and NetBIOS Computer
or Domain Name are not present in the Challenge message from the server.
Simo Sorce [Mon, 7 Apr 2014 03:24:06 +0000 (23:24 -0400)]
Always provide netbios computer and domain name
These are necessary by spec (MS-NLMP 3.1.5.1.2) if the server
sends a target_info field in the challenge message, which we do.
Uses environment variables NETBIOS_COMPUTER_NAME and NETBIOS_DOMAIN_NAME
to set NetBIOS data. If they are not available the server name truncated
to the first '.' (if any) will be used and the domain is set to the
generic "WORKGROUP" name.
Simo Sorce [Thu, 27 Mar 2014 03:26:52 +0000 (23:26 -0400)]
Test Challenge V2 message with CBT test vectors
Simo Sorce [Thu, 27 Mar 2014 03:31:45 +0000 (23:31 -0400)]
Verify Channel Bindings in accept_sec_context
Simo Sorce [Sat, 5 Apr 2014 20:24:52 +0000 (16:24 -0400)]
Add support for setting CBT in the client
Simo Sorce [Sun, 6 Apr 2014 21:53:58 +0000 (17:53 -0400)]
Add function to verify Channel Binding Token
Simo Sorce [Thu, 27 Mar 2014 03:19:52 +0000 (23:19 -0400)]
Add function to calculate channel bindings hash
Simo Sorce [Sat, 5 Apr 2014 19:21:17 +0000 (15:21 -0400)]
Get av_flags and check MIC if a client sent it
Gets the target_info structure from the NT Response (if any is available)
and extract the av_flags.
If the appropriate flag is set verify the MIC previously extracted.
Simo Sorce [Sat, 5 Apr 2014 18:51:02 +0000 (14:51 -0400)]
Return target_info from ntlm_decode_auth_msg
The target_info structure embedded in the NT Response message in NTLMv2
contains information needed to establish if the client has sent a valid
MIC. So we need to extract and return it if the caller requested it.
Also moves some wire structures definitions in common to be able to
reuse them.
Simo Sorce [Sun, 13 Apr 2014 05:45:42 +0000 (01:45 -0400)]
Make MIC conditional on integrity being requested
If integrity is requested by any party then the MIC, if requested by the
server, will be generated, otherwise it will not be.
Simo Sorce [Thu, 27 Mar 2014 03:46:04 +0000 (23:46 -0400)]
Compute MIC in the client when requested
Simo Sorce [Sat, 5 Apr 2014 19:20:06 +0000 (15:20 -0400)]
Add function to verify MICs
Simo Sorce [Thu, 27 Mar 2014 03:20:24 +0000 (23:20 -0400)]
Add function to calculate MIC
Simo Sorce [Thu, 27 Mar 2014 03:45:26 +0000 (23:45 -0400)]
Use target_info parsing helper
Target_info can be optional, but it conflicts with channel bindings being
requested.
Simo Sorce [Thu, 27 Mar 2014 03:21:02 +0000 (23:21 -0400)]
Augment target_info processing with a utility
This re-encodes the target_info structure at the client side adding
additional provisions of MS-NLMP 3.1.5.2.1
That is:
- generate indication that a MIC is requested by the server
- add ClientSuppliedTargetName data
Simo Sorce [Wed, 2 Apr 2014 21:37:26 +0000 (17:37 -0400)]
Set version before tests that use MS test vectors
This way we can remove the hacked test vectors where we changed
the version fields.
Simo Sorce [Wed, 2 Apr 2014 21:23:41 +0000 (17:23 -0400)]
Add internal facility to override standard version
This is useful to use test vectors w/o altering them
Simo Sorce [Sat, 5 Apr 2014 17:55:51 +0000 (13:55 -0400)]
Retry auth with NULL Domain as per spec
Simo Sorce [Sat, 5 Apr 2014 18:53:37 +0000 (14:53 -0400)]
Remove unnecessary assignments
The calculation was right but some unnecessary assignments were left
from a previous version.
Also make the length computation more obvious.
Simo Sorce [Sat, 5 Apr 2014 18:48:27 +0000 (14:48 -0400)]
Remove redundant definition
wire_lm_response is just the same thing as wire_ntlm_response, the
only difference is how cli_chal is defined but it is not important
from a usage point of view.
Simo Sorce [Wed, 2 Apr 2014 20:30:18 +0000 (16:30 -0400)]
Change input parameter to be const
It is never and should never be touched so const char * is better.
Simo Sorce [Mon, 7 Apr 2014 02:54:48 +0000 (22:54 -0400)]
Fail if the encryption level is not matched
If the client allows only 128bit security but the server does not offer
it, then fail the authentication.
Simo Sorce [Mon, 7 Apr 2014 02:44:51 +0000 (22:44 -0400)]
Do not send LM Response on auth to modern servers
If a server sends a target_info field in a challenge message it means
it does not need nor want a LM Response.
See also MS-NLMP 3.1.5.1.2
The authenticate message must always send a lm_chalresp and a nt_chalresp
fields in the header but they will be simply zero length, yet the payload
pointer must point to the valid payload area. (Windows servers fail
authentication if the LM Response buffer offset is zero).
Simo Sorce [Sun, 13 Apr 2014 06:06:32 +0000 (02:06 -0400)]
Always use Extended Session Security when possible
MS-NLMP 3.1.5.1.1 recommends to set the extended session security flag
if LM authentication is not going to be used.
Simo Sorce [Sun, 6 Apr 2014 19:33:39 +0000 (15:33 -0400)]
Fix missing assignments in ntlm_decode_target_info
Missed to see that the server set timestamp and flags.
This was preventing MICs from being generated from the client among other
things.
Simo Sorce [Sun, 13 Apr 2014 05:29:08 +0000 (01:29 -0400)]
Return flags and time when requested
The calling application may want to check what flags were actually
negotiated.
Spnego also depends on the mechanism properly returning flags when
integrity is negotiated for MIC purposes.
Simo Sorce [Sat, 12 Apr 2014 21:25:19 +0000 (17:25 -0400)]
Return Client name if requested
Simo Sorce [Sun, 13 Apr 2014 01:50:58 +0000 (21:50 -0400)]
Fix epoch value
It was off by a factor of 10
Simo Sorce [Sun, 26 Jan 2014 20:55:03 +0000 (15:55 -0500)]
Release 0.3.1
Simo Sorce [Sun, 26 Jan 2014 18:49:04 +0000 (13:49 -0500)]
Fix segfault in init context.
The init context function was improperly initializing the ctx variable (too
late) when some early error conditions can happen. Therefore passing to the
delete context function a random memory address it would then try to free.
This would cause a SEGFAULT in most cases.
Additionally unfortunately iconv_close() does not follow good practices and
blindly dereferences data, even if the passed in pointer is NULL.
So add a check before calling.
Simo Sorce [Mon, 13 Jan 2014 03:00:40 +0000 (22:00 -0500)]
Release 0.3.0
Simo Sorce [Sun, 12 Jan 2014 21:38:05 +0000 (16:38 -0500)]
Implement Import/Export cred functions
Simo Sorce [Sun, 12 Jan 2014 23:18:43 +0000 (18:18 -0500)]
Generalize export_state and related functions
Simo Sorce [Mon, 6 Jan 2014 16:56:41 +0000 (11:56 -0500)]
Expose cred store names in public header file.
Easier to use from clients this way.
Simo Sorce [Mon, 16 Dec 2013 01:43:29 +0000 (20:43 -0500)]
Test export/import context functions
Simo Sorce [Mon, 16 Dec 2013 01:19:04 +0000 (20:19 -0500)]
Implement import context function
Simo Sorce [Sun, 15 Dec 2013 01:37:09 +0000 (20:37 -0500)]
Implement export context function
The Export format version is set to 0.1
Long term keys are not exported.
Simo Sorce [Sat, 14 Dec 2013 21:55:40 +0000 (16:55 -0500)]
Add import/export functions for the RC4 state
Simo Sorce [Sat, 14 Dec 2013 21:29:45 +0000 (16:29 -0500)]
Use RC4 instead of EVP interface of openssl
This makes it much easier to export/import the crypto state.
In preparation for implementing import/export of context.
Simo Sorce [Mon, 16 Dec 2013 01:09:56 +0000 (20:09 -0500)]
Fix potential leaks in delete_context
Free RC4 state if any
Free workstation string if any
Also make sure to safely zero the struct before freeing to avoid leaking any
key material.
Simo Sorce [Sun, 15 Dec 2013 05:11:06 +0000 (00:11 -0500)]
Do not copy creds on the context
There is no need to copy creds around, they are always available
or retrievable.
Stefan Becker [Fri, 13 Dec 2013 22:03:01 +0000 (17:03 -0500)]
Fix memleaks in init_sec_context
Simo Sorce [Fri, 13 Dec 2013 20:48:19 +0000 (15:48 -0500)]
Fix memory leak with gssntlm_names
Thanks to Stefan Becker <chemobejk@gmail.com> for finding this leak.
Simo Sorce [Sat, 23 Nov 2013 20:18:36 +0000 (15:18 -0500)]
Fix spec file krb5-libs dep
Simo Sorce [Sat, 23 Nov 2013 20:09:59 +0000 (15:09 -0500)]
Fix NTLM specific cred_store prefixes
Can't use ':' in the prefix name as ':' is the separator between prefix and
values.
Simo Sorce [Fri, 25 Oct 2013 00:59:46 +0000 (20:59 -0400)]
Bump up version number to prerelease level
Simo Sorce [Fri, 25 Oct 2013 00:57:40 +0000 (20:57 -0400)]
Add methods to inquire credentials
Also add simple sanity check test.
Simo Sorce [Tue, 22 Oct 2013 15:50:13 +0000 (11:50 -0400)]
Add support for NTLMv1 Signing and Sealing
Including tests to verify conformance to MS-NLMP
Simo Sorce [Sat, 19 Oct 2013 18:59:03 +0000 (14:59 -0400)]
Add CRC32 function using Zlib's crc32
Simo Sorce [Wed, 23 Oct 2013 12:52:51 +0000 (08:52 -0400)]
Fix URLs with new upstream locations
Simo Sorce [Fri, 18 Oct 2013 21:55:02 +0000 (17:55 -0400)]
Release 0.2.0
Simo Sorce [Thu, 17 Oct 2013 15:37:47 +0000 (11:37 -0400)]
Test connectionless contexts
Simo Sorce [Thu, 17 Oct 2013 04:57:55 +0000 (00:57 -0400)]
Support connectionless signing and sealing.
In connectionless mode (GSS_C_DATAGRAM_FLAG on) sealing keys
must be rotated for each message.
Simo Sorce [Thu, 17 Oct 2013 01:51:16 +0000 (21:51 -0400)]
Add way to set sequence numbers.
In NTLMSSP connectionless mode applications are supposed to provide the
sequence number, however GSSAPI's get_mic and verify_mic functions do
not allow to pass an explicit sequence number.
Allow to override the context sequence numbers using a custom oid and
implementing gss_set_sec_context_option()
Allows the operation only if the context is in connectionless mode.
Simo Sorce [Wed, 16 Oct 2013 15:04:30 +0000 (11:04 -0400)]
Add support for connectionless mode
This needs a new GSSAPI flag, for now grab a number and define
GSS_C_DATAGRAM_FLAG ourselves.
Simo Sorce [Wed, 16 Oct 2013 21:59:35 +0000 (17:59 -0400)]
Add public devel header file
This contains definitions for various OIDs and flags needed to
implement non-standard features like NTLMSSP Connectionless mode.
Simo Sorce [Fri, 18 Oct 2013 18:45:50 +0000 (14:45 -0400)]
Add special case for enterprise names
When enterprise names are used they need to be passed with the embedded
'@' sign escaped with a '\', when that is done the whole name is used
as the user name and the name is not split on the @ or \ characters.
These forms are now supported:
foo
  USERNAME: foo
  DOMAIN: <null>
BAR\foo
  USERNAME: foo
  DOMAIN: BAR
foo@BAR
  USERNAME: foo
  DOMAIN: BAR
foo\@bar.example.com
  USERNAME: foo\@bar.example.com
  DOMAIN: <null>
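The four name forms listed in the commit message above, as an added example in C that is not gss-ntlmssp's own code. The names split_ntlm_name and dup_range are hypothetical, and splitting at the first '@' and rejecting an empty user part are assumptions the page does not state.

```c
#include <stdlib.h>
#include <string.h>

/* Copy n bytes of s into a fresh NUL-terminated string (NULL on failure). */
static char *dup_range(const char *s, size_t n)
{
    char *out = malloc(n + 1);
    if (!out) return NULL;
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

/* Hypothetical helper, not the project's function: split raw into *user and
 * *domain (*domain stays NULL when the form carries none). Returns 0 on
 * success, -1 on bad input or allocation failure; caller frees both. */
int split_ntlm_name(const char *raw, char **user, char **domain)
{
    const char *sep;
    int want_domain = 0;

    if (!raw || !user || !domain || raw[0] == '\0') return -1;
    *user = *domain = NULL;

    if (strstr(raw, "\\@") != NULL) {
        /* Enterprise name: an escaped '@' means no splitting at all. */
        *user = dup_range(raw, strlen(raw));
    } else if ((sep = strchr(raw, '\\')) != NULL) {
        /* DOMAIN\user */
        want_domain = 1;
        *domain = dup_range(raw, (size_t)(sep - raw));
        *user = dup_range(sep + 1, strlen(sep + 1));
    } else if ((sep = strchr(raw, '@')) != NULL) {
        /* user@DOMAIN; splitting at the first '@' is an assumption. */
        want_domain = 1;
        *user = dup_range(raw, (size_t)(sep - raw));
        *domain = dup_range(sep + 1, strlen(sep + 1));
    } else {
        /* Plain user name, no domain. */
        *user = dup_range(raw, strlen(raw));
    }

    /* Reject allocation failures and an empty user part ("BAR\", "@BAR"). */
    if (!*user || (*user)[0] == '\0' || (want_domain && !*domain)) {
        free(*user);
        free(*domain);
        *user = *domain = NULL;
        return -1;
    }
    return 0;
}
```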
Simo Sorce [Fri, 18 Oct 2013 18:54:25 +0000 (14:54 -0400)]
Treat NO OID as GSS_C_NT_USER_NAME on import
Simo Sorce [Thu, 17 Oct 2013 04:53:17 +0000 (00:53 -0400)]
Fix potential segfault condition in RC4_FREE
Simo Sorce [Thu, 17 Oct 2013 15:26:49 +0000 (11:26 -0400)]
Fix generation of signing keys and add tests
Simo Sorce [Fri, 18 Oct 2013 13:00:02 +0000 (09:00 -0400)]
Fix symbols export regex to include gssspi_ too.
Thanks to David Woodhouse for finding out.
Simo Sorce [Thu, 17 Oct 2013 06:07:33 +0000 (02:07 -0400)]
Test acquire_cred_with_password
Simo Sorce [Wed, 16 Oct 2013 17:10:38 +0000 (13:10 -0400)]
Add support for gss_acquire_cred_with_password()
Simo Sorce [Wed, 16 Oct 2013 17:36:23 +0000 (13:36 -0400)]
Fix handling of NULL domain
Fix segfault in NTOWFv2. When domain is NULL it is just omitted from the
NTOWFv2 computation.
Fix segfault in accept_sec_context, just make dom_name be an empty string.
Fix also memory leaks.
Simo Sorce [Wed, 16 Oct 2013 17:05:52 +0000 (13:05 -0400)]
Fix acquiring creds via cred_store
Make sure to set the cred type and copy in the name.
Simo Sorce [Mon, 14 Oct 2013 21:19:52 +0000 (17:19 -0400)]
Streamline spec file.
Fixes as requested by Fedora review
Simo Sorce [Thu, 17 Oct 2013 05:25:20 +0000 (01:25 -0400)]
Bump up version number after 0.1.0 release
Simo Sorce [Mon, 14 Oct 2013 13:53:51 +0000 (09:53 -0400)]
Correct upstream page in spec
Simo Sorce [Sun, 13 Oct 2013 16:41:13 +0000 (12:41 -0400)]
Make version 0.1.0
Simo Sorce [Sun, 13 Oct 2013 16:38:59 +0000 (12:38 -0400)]
Fix typos in README.txt
Simo Sorce [Thu, 22 Aug 2013 02:48:22 +0000 (22:48 -0400)]
Add more tests.
Cover gss_inquire_context and gss_display_name implementations.
Simo Sorce [Thu, 22 Aug 2013 02:35:17 +0000 (22:35 -0400)]
Add gss_display_name implementation
Simo Sorce [Thu, 22 Aug 2013 02:05:45 +0000 (22:05 -0400)]
Add implementation of gss_inquire_context
Also add source and target names to the context.
Simo Sorce [Mon, 19 Aug 2013 01:01:35 +0000 (21:01 -0400)]
Test Integrity and Confidentiality
Simo Sorce [Sun, 18 Aug 2013 05:04:30 +0000 (01:04 -0400)]
Add integrity and confidentiality functions
Simo Sorce [Sat, 27 Jul 2013 22:11:54 +0000 (18:11 -0400)]
Add testing of gssntlm mechglue functions
Simo Sorce [Sat, 27 Jul 2013 17:57:56 +0000 (13:57 -0400)]
Basic implementation of accept_sec_context
For now works only for standalone server with access to a password file.
Simo Sorce [Sat, 27 Jul 2013 22:37:51 +0000 (18:37 -0400)]
Add support for server credentials
Simo Sorce [Sat, 27 Jul 2013 20:46:42 +0000 (16:46 -0400)]
Add helper to copy names and gss_duplicate_name
Simo Sorce [Sat, 27 Jul 2013 19:37:05 +0000 (15:37 -0400)]
Internal release name
Simo Sorce [Sat, 27 Jul 2013 17:51:52 +0000 (13:51 -0400)]
Helper function to check lm compatibility level
Also stop associating it with the creds struct.
Simo Sorce [Sun, 21 Jul 2013 16:59:44 +0000 (12:59 -0400)]
Fix message type check
Simo Sorce [Sun, 21 Jul 2013 05:55:22 +0000 (01:55 -0400)]
Add gss_context_time() implementation
Simo Sorce [Sun, 21 Jul 2013 06:01:59 +0000 (02:01 -0400)]
Helper function to check security context validity
Simo Sorce [Sun, 21 Jul 2013 05:43:54 +0000 (01:43 -0400)]
Add expiration time checks
Check Maxlife for challenge response messages.
Also add a Maximum lifetime for the context itself based on the
same challenge/response maximum life.
According to MS-NLMP MaxLifetime is 36h on modern Windows OSs, use
the same for now.
Simo Sorce [Sun, 21 Jul 2013 04:57:25 +0000 (00:57 -0400)]
Add Credential Store support
This allows a program to feed credentials directly to GSSAPI from a
configuration file, or other means.
Simo Sorce [Sat, 20 Jul 2013 17:01:04 +0000 (13:01 -0400)]
Fix some comments