bug-gnu-emacs

bug#15603: [PATCH] Add NTLM2 session support to ntlm.el


From: Thomas Fitzsimmons
Subject: bug#15603: [PATCH] Add NTLM2 session support to ntlm.el
Date: Sun, 13 Oct 2013 13:22:00 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

ntlm.el does not support the NTLM2 Session protocol [1]; web services
that require an NTLM2 Session response for HTTP authentication reject
connections from Emacs (via [2]).  The attached patch adds support for
this variant of the protocol.

Thomas

1. http://en.wikipedia.org/wiki/NTLM#NTLM2_Session
2. http://code.google.com/p/url-http-ntlm/

2013-10-13  Thomas Fitzsimmons  <fitzsim@fitzsim.org>

        * net/ntlm.el (ntlm-build-auth-response): Add NTLM2 Session
        support.

=== modified file 'lisp/net/ntlm.el'
*** lisp/net/ntlm.el    2013-01-01 09:11:05 +0000
--- lisp/net/ntlm.el    2013-10-13 12:51:34 +0000
*************** is not given."
*** 80,87 ****
        (request-msgType (concat (make-string 1 1) (make-string 3 0)))
                                        ;0x01 0x00 0x00 0x00
        (request-flags (concat (make-string 1 7) (make-string 1 178)
!                              (make-string 2 0)))
!                                       ;0x07 0xb2 0x00 0x00
        lu ld off-d off-u)
      (when (string-match "@" user)
        (unless domain
--- 80,87 ----
        (request-msgType (concat (make-string 1 1) (make-string 3 0)))
                                        ;0x01 0x00 0x00 0x00
        (request-flags (concat (make-string 1 7) (make-string 1 178)
!                              (make-string 1 8) (make-string 1 0)))
!                                       ;0x07 0xb2 0x08 0x00
        lu ld off-d off-u)
      (when (string-match "@" user)
        (unless domain
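
Review bot: The comment on the new flags value (`;0x07 0xb2 0x08 0x00`) only restates the bytes; it should say that the 0x08 in the third byte is the "negotiate NTLM2 key" flag, the same bit the response code later tests with `(logand (aref flags 2) 8)`, so a reader can connect the two sites. The ChangeLog entry also lists only `ntlm-build-auth-response`, while the change here is to the request-side `request-flags` binding, so the entry should name the function modified in this hunk too. Since the flag is now advertised on every request, consider whether it needs to be switchable for servers that mishandle it.
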
*************** by PASSWORD-HASHES.  PASSWORD-HASHES sho
*** 144,154 ****
        (setq domain (substring user (1+ (match-beginning 0))))
        (setq user (substring user 0 (match-beginning 0))))
  
!     ;; generate response data
!     (setq lmRespData
!         (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
!     (setq ntRespData
!         (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))
  
      ;; get offsets to fields to pack the response struct in a string
      (setq lu (length user))
--- 144,178 ----
        (setq domain (substring user (1+ (match-beginning 0))))
        (setq user (substring user 0 (match-beginning 0))))
  
!     ;; check if "negotiate NTLM2 key" flag is set in type 2 message
!     (if (not (zerop (logand (aref flags 2) 8)))
!       (let (randomString
!             sessionHash)
!         ;; generate NTLM2 session response data
!         (setq randomString (string-make-unibyte
!                             (concat
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256))
!                              (make-string 1 (random 256)))))
!         (setq sessionHash (secure-hash 'md5
!                                        (concat challengeData randomString)
!                                        nil nil t))
!         (setq sessionHash (substring sessionHash 0 8))
! 
!         (setq lmRespData (concat randomString (make-string 16 0)))
!         (setq ntRespData (ntlm-smb-owf-encrypt
!                           (cadr password-hashes) sessionHash)))
!       (progn
!       ;; generate response data
!       (setq lmRespData
!             (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
!       (setq ntRespData
!             (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
  
      ;; get offsets to fields to pack the response struct in a string
      (setq lu (length user))
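
Review bot: The 8-byte client nonce in `randomString` is built from `(random 256)`, which is Emacs's general-purpose pseudo-random generator and not a cryptographic source; because this value is hashed together with `challengeData` to form `sessionHash`, the limitation should at least be stated in a comment, and a stronger source used if one is available. The eight repeated `(make-string 1 (random 256))` forms would be clearer as a loop over a length of 8. `flags` is not bound anywhere in the visible lines, so please confirm it holds the type 2 message flags on every path that reaches the `(aref flags 2)` test, and consider a docstring note that the LM response field now carries the client nonce padded with 16 zero bytes when NTLM2 session is negotiated.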

