Simo Sorce [Sun, 26 Jan 2014 20:55:03 +0000 (15:55 -0500)]
Release 0.3.1
Simo Sorce [Sun, 26 Jan 2014 18:49:04 +0000 (13:49 -0500)]
Fix segfault in init context.
The init context function was improperly initializing the ctx variable (too
late) when some early error conditions can happen. Therefore passing to the
delete context function a random memory address it would then try to free.
This would cause a SEGFAULT in most cases.
Additionally unfortunately iconv_close() does not follow good practices and
blindly dereferences data, even if the passed in pointer is NULL.
So add a check before calling.
Simo Sorce [Mon, 13 Jan 2014 03:00:40 +0000 (22:00 -0500)]
Release 0.3.0
Simo Sorce [Sun, 12 Jan 2014 21:38:05 +0000 (16:38 -0500)]
Implement Import/Export cred functions
Simo Sorce [Sun, 12 Jan 2014 23:18:43 +0000 (18:18 -0500)]
Generalize export_state and related functions
Simo Sorce [Mon, 6 Jan 2014 16:56:41 +0000 (11:56 -0500)]
Expose cred store names in public header file.
Easier to use from clients this way.
Simo Sorce [Mon, 16 Dec 2013 01:43:29 +0000 (20:43 -0500)]
Test export/import context functions
Simo Sorce [Mon, 16 Dec 2013 01:19:04 +0000 (20:19 -0500)]
Implement import context function
Simo Sorce [Sun, 15 Dec 2013 01:37:09 +0000 (20:37 -0500)]
Implement export context function
The Export format version is set to 0.1
Long term keys are not exported.
Simo Sorce [Sat, 14 Dec 2013 21:55:40 +0000 (16:55 -0500)]
Add import/export functions for the RC4 state
Simo Sorce [Sat, 14 Dec 2013 21:29:45 +0000 (16:29 -0500)]
Use RC4 instead of EVP interface of openssl
This makes it much easier to export/import the crypto state.
In preparation for implementing import/export of context.
Simo Sorce [Mon, 16 Dec 2013 01:09:56 +0000 (20:09 -0500)]
Fix potential leaks in delete_context
Free RC4 state if any
Free workstations string if any
Also make sure to safely zero the struct before freeing to avoid leaking any
key material.
Simo Sorce [Sun, 15 Dec 2013 05:11:06 +0000 (00:11 -0500)]
Do not copy creds on the context
There is no need to copy creds around, they are always available
or retrievable.
Stefan Becker [Fri, 13 Dec 2013 22:03:01 +0000 (17:03 -0500)]
Fix memleaks in init_sec_context
Simo Sorce [Fri, 13 Dec 2013 20:48:19 +0000 (15:48 -0500)]
Fix memory leak with gssntlm_names
Thanks to Stefan Becker <chemobejk@gmail.com> for finding this leak.
Simo Sorce [Sat, 23 Nov 2013 20:18:36 +0000 (15:18 -0500)]
Fix spec file krb5-libs dep
Simo Sorce [Sat, 23 Nov 2013 20:09:59 +0000 (15:09 -0500)]
Fix NTLM specific cred_store prefixes
Can't use ':' in the prefix name as ':' is the separator between prefix and
values.
Simo Sorce [Fri, 25 Oct 2013 00:59:46 +0000 (20:59 -0400)]
Bump up version number to prerelease level
Simo Sorce [Fri, 25 Oct 2013 00:57:40 +0000 (20:57 -0400)]
Add methods to inquire credentials
Also add simple sanity check test.
Simo Sorce [Tue, 22 Oct 2013 15:50:13 +0000 (11:50 -0400)]
Add support for NTLMv1 Signing and Sealing
Including tests to verify conformance to MS-NLMP
Simo Sorce [Sat, 19 Oct 2013 18:59:03 +0000 (14:59 -0400)]
Add CRC32 function using Zlib's crc32
Simo Sorce [Wed, 23 Oct 2013 12:52:51 +0000 (08:52 -0400)]
Fix URLs with new upstream locations
Simo Sorce [Fri, 18 Oct 2013 21:55:02 +0000 (17:55 -0400)]
Release 0.2.0
Simo Sorce [Thu, 17 Oct 2013 15:37:47 +0000 (11:37 -0400)]
Test connectionless contexts
Simo Sorce [Thu, 17 Oct 2013 04:57:55 +0000 (00:57 -0400)]
Support connectionless signing and sealing.
In connectionless mode (GSS_C_DATAGRAM_FLAG on) sealing keys
must be rotated for each message.
Simo Sorce [Thu, 17 Oct 2013 01:51:16 +0000 (21:51 -0400)]
Add way to set sequence numbers.
In NTLMSSP connectionless mode applications are supposed to provide the
sequence number, however GSSAPI's get_mic and verify_mic functions do
not allow to pass an explicit sequence number.
Allow to override the context sequence numbers using a custom oid and
implementing gss_set_sec_context_option()
Allows the operation only if the context is in connectionless mode.
Simo Sorce [Wed, 16 Oct 2013 15:04:30 +0000 (11:04 -0400)]
Add support for connectionless mode
This needs a new GSSAPI flag, for now grab a number and define
GSS_C_DATAGRAM_FLAG ourselves.
Simo Sorce [Wed, 16 Oct 2013 21:59:35 +0000 (17:59 -0400)]
Add public devel header file
This contains definitions for various OIDs and flags needed to
implement non-standard features like NTLMSSP Connectionless mode.
Simo Sorce [Fri, 18 Oct 2013 18:45:50 +0000 (14:45 -0400)]
Add special case for enterprise names
When enterprise names are used they need to be passed with the embedded
'@' sign escaped with a '\', when that is done the whole name is used
as the user name and the name is not split on the @ or \ characters.
These forms are now supported:
foo
    USERNAME: foo
    DOMAIN: <null>
BAR\foo
    USERNAME: foo
    DOMAIN: BAR
foo@BAR
    USERNAME: foo
    DOMAIN: BAR
foo\@bar.example.com
    USERNAME: foo\@bar.example.com
    DOMAIN: <null>
Simo Sorce [Fri, 18 Oct 2013 18:54:25 +0000 (14:54 -0400)]
Treat NO OID as GSS_C_NT_USER_NAME on import
Simo Sorce [Thu, 17 Oct 2013 04:53:17 +0000 (00:53 -0400)]
Fix potential segfault condition in RC4_FREE
Simo Sorce [Thu, 17 Oct 2013 15:26:49 +0000 (11:26 -0400)]
Fix generation of signing keys and add tests
Simo Sorce [Fri, 18 Oct 2013 13:00:02 +0000 (09:00 -0400)]
Fix symbols export regex to include gssspi_ too.
Thanks to David Woodhouse for finding out.
Simo Sorce [Thu, 17 Oct 2013 06:07:33 +0000 (02:07 -0400)]
Test acquire_cred_with_password
Simo Sorce [Wed, 16 Oct 2013 17:10:38 +0000 (13:10 -0400)]
Add support for gss_acquire_cred_with_password()
Simo Sorce [Wed, 16 Oct 2013 17:36:23 +0000 (13:36 -0400)]
Fix handling of NULL domain
Fix segfault in NTOWFv2. When domain is NULL it is just omitted from the
NTOWFv2 computation.
Fix segfault in accept_sec_context, just make dom_name be an empty string.
Fix also memory leaks.
Simo Sorce [Wed, 16 Oct 2013 17:05:52 +0000 (13:05 -0400)]
Fix acquiring creds via cred_store
Make sure to set the cred type and copy in the name.
Simo Sorce [Mon, 14 Oct 2013 21:19:52 +0000 (17:19 -0400)]
Streamline spec file.
Fixes as requested by Fedora review
Simo Sorce [Thu, 17 Oct 2013 05:25:20 +0000 (01:25 -0400)]
Bump up version number after 0.1.0 release
Simo Sorce [Mon, 14 Oct 2013 13:53:51 +0000 (09:53 -0400)]
Correct upstream page in spec
Simo Sorce [Sun, 13 Oct 2013 16:41:13 +0000 (12:41 -0400)]
Make version 0.1.0
Simo Sorce [Sun, 13 Oct 2013 16:38:59 +0000 (12:38 -0400)]
Fix typos in README.txt
Simo Sorce [Thu, 22 Aug 2013 02:48:22 +0000 (22:48 -0400)]
Add more tests.
Cover gss_inquire_context and gss_display_name implementations.
Simo Sorce [Thu, 22 Aug 2013 02:35:17 +0000 (22:35 -0400)]
Add gss_display_name implementation
Simo Sorce [Thu, 22 Aug 2013 02:05:45 +0000 (22:05 -0400)]
Add implementation of gss_inquire_context
Also add source and target names to the context.
Simo Sorce [Mon, 19 Aug 2013 01:01:35 +0000 (21:01 -0400)]
Test Integrity and Confidentiality
Simo Sorce [Sun, 18 Aug 2013 05:04:30 +0000 (01:04 -0400)]
Add integrity and confidentiality functions
Simo Sorce [Sat, 27 Jul 2013 22:11:54 +0000 (18:11 -0400)]
Add testing of gssntlm mechglue functions
Simo Sorce [Sat, 27 Jul 2013 17:57:56 +0000 (13:57 -0400)]
Basic implementation of accept_sec_context
For now works only for standalone server with access to a password file.
Simo Sorce [Sat, 27 Jul 2013 22:37:51 +0000 (18:37 -0400)]
Add support for server credentials
Simo Sorce [Sat, 27 Jul 2013 20:46:42 +0000 (16:46 -0400)]
Add helper to copy names and gss_duplicate_name
Simo Sorce [Sat, 27 Jul 2013 19:37:05 +0000 (15:37 -0400)]
Internal release name
Simo Sorce [Sat, 27 Jul 2013 17:51:52 +0000 (13:51 -0400)]
Helper function to check lm compatibility level
Also stop associating it with the creds struct.
Simo Sorce [Sun, 21 Jul 2013 16:59:44 +0000 (12:59 -0400)]
Fix message type check
Simo Sorce [Sun, 21 Jul 2013 05:55:22 +0000 (01:55 -0400)]
Add gss_context_time() implementation
Simo Sorce [Sun, 21 Jul 2013 06:01:59 +0000 (02:01 -0400)]
Helper function to check security context validity
Simo Sorce [Sun, 21 Jul 2013 05:43:54 +0000 (01:43 -0400)]
Add expiration time checks
Check Maxlife for challenge response messages.
Also add a Maximum lifetime for the context itself based on the
same challenge/response maximum life.
According to MS-NLMP MaxLifetime is 36h on modern Windows OSs, use
the same for now.
Simo Sorce [Sun, 21 Jul 2013 04:57:25 +0000 (00:57 -0400)]
Add Credential Store support
This allows a program to feed credentials directly to GSSAPI from a
configuration file, or other means.
Simo Sorce [Sat, 20 Jul 2013 17:01:04 +0000 (13:01 -0400)]
Fix some comments
Simo Sorce [Sun, 28 Jul 2013 17:15:47 +0000 (13:15 -0400)]
Fix target_info length calculation
The size of the AV field itself was missing for each field resulting in a
shorter than needed buffer size.
Simo Sorce [Fri, 19 Jul 2013 16:03:22 +0000 (12:03 -0400)]
Always request NTLMSSP_REQUEST_TARGET
Otherwise Windows 2003 may not return a target_info field for NTLMv2 or a
server name for NTLMv1 in the challenge message.
Thanks to David Woodhouse for providing help to debug this issue.
Simo Sorce [Fri, 19 Jul 2013 02:36:58 +0000 (22:36 -0400)]
Add README.txt with section on Testing
Simo Sorce [Thu, 18 Jul 2013 20:23:36 +0000 (16:23 -0400)]
Add NTLMv1 support to context initialization
Simo Sorce [Wed, 17 Jul 2013 07:20:16 +0000 (03:20 -0400)]
Add NTLM Crypto support functions for NTLMv1
Simo Sorce [Tue, 16 Jul 2013 12:34:47 +0000 (08:34 -0400)]
Add basic NTLMv2 crypto tests
Simo Sorce [Sun, 14 Jul 2013 18:38:59 +0000 (14:38 -0400)]
Implement basic naming functions
Simo Sorce [Tue, 9 Jul 2013 03:27:39 +0000 (23:27 -0400)]
Implement credential handling
Simo Sorce [Sun, 23 Jun 2013 16:02:47 +0000 (12:02 -0400)]
Initial GSS Mechanism code.
Implements init sec context and basic mechanism initialization.
Simo Sorce [Thu, 4 Jul 2013 20:37:12 +0000 (16:37 -0400)]
NTLM Crypto functions
Adds crypto function helpers needed by NTLM authentication
Simo Sorce [Sun, 23 Jun 2013 16:20:44 +0000 (12:20 -0400)]
Initial NTLM message parsing library
Implements functions to encode/decode NTLMSSP packets
Simo Sorce [Wed, 26 Jun 2013 02:36:35 +0000 (22:36 -0400)]
Initial .gitignore file
Simo Sorce [Sat, 22 Jun 2013 20:16:00 +0000 (16:16 -0400)]
Skeleton to start building the GSS-NTLMSSP project.