Simo Sorce [Tue, 22 Oct 2013 15:50:13 +0000 (11:50 -0400)]
Add support for NTLMv1 Signing and Sealing
Including tests to verify conformance to MS-NLMP
Simo Sorce [Sat, 19 Oct 2013 18:59:03 +0000 (14:59 -0400)]
Add CRC32 function using Zlib's crc32
Simo Sorce [Fri, 18 Oct 2013 21:55:02 +0000 (17:55 -0400)]
Release 0.2.0
Simo Sorce [Thu, 17 Oct 2013 15:37:47 +0000 (11:37 -0400)]
Test connectionless contexts
Simo Sorce [Thu, 17 Oct 2013 04:57:55 +0000 (00:57 -0400)]
Support connectionless signing and sealing.
In connectionless mode (GSS_C_DATAGRAM_FLAG on) sealing keys
must be rotated for each message.
Simo Sorce [Thu, 17 Oct 2013 01:51:16 +0000 (21:51 -0400)]
Add way to set sequence numbers.
In NTLMSSP connectionless mode applications are supposed to provide the
sequence number, however GSSAPI's get_mic and verify_mic functions do
not allow to pass an explicit sequence number.
Allow to override the context sequence numbers using a custom oid and
implementing gss_set_sec_context_option()
Allows the operation only if the context is in connectionless mode.
Simo Sorce [Wed, 16 Oct 2013 15:04:30 +0000 (11:04 -0400)]
Add support for connectionless mode
This needs a new GSSAPI flag, for now grab a number and define
GSS_C_DATAGRAM_FLAG ourselves.
Simo Sorce [Wed, 16 Oct 2013 21:59:35 +0000 (17:59 -0400)]
Add public devel header file
This contains definitions for various OIDs and flags needed to
implement non-standard features like NTLMSSP Connectionless mode.
Simo Sorce [Fri, 18 Oct 2013 18:45:50 +0000 (14:45 -0400)]
Add special case for enterprise names
When enterprise names are used they need to be passed with the embedded
'@' sign escaped with a '\', when that is done the whole name is used
as the user name and the name is not split on the @ or \ characters.
These forms are now supported:
foo
    USERNAME: foo
    DOMAIN: <null>
BAR\foo
    USERNAME: foo
    DOMAIN: BAR
foo@BAR
    USERNAME: foo
    DOMAIN: BAR
foo\@bar.example.com
    USERNAME: foo\@bar.example.com
    DOMAIN: <null>
Simo Sorce [Fri, 18 Oct 2013 18:54:25 +0000 (14:54 -0400)]
Treat NO OID as GSS_C_NT_USER_NAME on import
Simo Sorce [Thu, 17 Oct 2013 04:53:17 +0000 (00:53 -0400)]
Fix potential segfault condition in RC4_FREE
Simo Sorce [Thu, 17 Oct 2013 15:26:49 +0000 (11:26 -0400)]
Fix generation of signing keys and add tests
Simo Sorce [Fri, 18 Oct 2013 13:00:02 +0000 (09:00 -0400)]
Fix symbols export regex to include gssspi_ too.
Thanks to David Woodhouse for finding out.
Simo Sorce [Thu, 17 Oct 2013 06:07:33 +0000 (02:07 -0400)]
Test acquire_cred_with_password
Simo Sorce [Wed, 16 Oct 2013 17:10:38 +0000 (13:10 -0400)]
Add support for gss_acquire_cred_with_password()
Simo Sorce [Wed, 16 Oct 2013 17:36:23 +0000 (13:36 -0400)]
Fix handling of NULL domain
Fix segfault in NTOWFv2. When domain is NULL it is just omitted from the
NTOWFv2 computation.
Fix segfault in accept_sec_context, just make dom_name be an empty string.
Fix also memory leaks.
Simo Sorce [Wed, 16 Oct 2013 17:05:52 +0000 (13:05 -0400)]
Fix acquiring creds via cred_store
Make sure to set the cred type and copy in the name.
Simo Sorce [Mon, 14 Oct 2013 21:19:52 +0000 (17:19 -0400)]
Streamline spec file.
Fixes as requested by Fedora review
Simo Sorce [Thu, 17 Oct 2013 05:25:20 +0000 (01:25 -0400)]
Bump up version number after 0.1.0 release
Simo Sorce [Mon, 14 Oct 2013 13:53:51 +0000 (09:53 -0400)]
Correct upstream page in spec
Simo Sorce [Sun, 13 Oct 2013 16:41:13 +0000 (12:41 -0400)]
Make version 0.1.0
Simo Sorce [Sun, 13 Oct 2013 16:38:59 +0000 (12:38 -0400)]
Fix typos in README.txt
Simo Sorce [Thu, 22 Aug 2013 02:48:22 +0000 (22:48 -0400)]
Add more tests.
Cover gss_inquire_context and gss_display_name implementations.
Simo Sorce [Thu, 22 Aug 2013 02:35:17 +0000 (22:35 -0400)]
Add gss_display_name implementation
Simo Sorce [Thu, 22 Aug 2013 02:05:45 +0000 (22:05 -0400)]
Add implementation of gss_inquire_context
Also add source and target names to the context.
Simo Sorce [Mon, 19 Aug 2013 01:01:35 +0000 (21:01 -0400)]
Test Integrity and Confidentiality
Simo Sorce [Sun, 18 Aug 2013 05:04:30 +0000 (01:04 -0400)]
Add integrity and confidentiality functions
Simo Sorce [Sat, 27 Jul 2013 22:11:54 +0000 (18:11 -0400)]
Add testing of gssntlm mechglue functions
Simo Sorce [Sat, 27 Jul 2013 17:57:56 +0000 (13:57 -0400)]
Basic implementation of accept_sec_context
For now works only for standalone server with access to a password file.
Simo Sorce [Sat, 27 Jul 2013 22:37:51 +0000 (18:37 -0400)]
Add support for server credentials
Simo Sorce [Sat, 27 Jul 2013 20:46:42 +0000 (16:46 -0400)]
Add helper to copy names and gss_duplicate_name
Simo Sorce [Sat, 27 Jul 2013 19:37:05 +0000 (15:37 -0400)]
Internal release name
Simo Sorce [Sat, 27 Jul 2013 17:51:52 +0000 (13:51 -0400)]
Helper function to check lm compatibility level
Also stop associating it with the creds struct.
Simo Sorce [Sun, 21 Jul 2013 16:59:44 +0000 (12:59 -0400)]
Fix message type check
Simo Sorce [Sun, 21 Jul 2013 05:55:22 +0000 (01:55 -0400)]
Add gss_context_time() implementation
Simo Sorce [Sun, 21 Jul 2013 06:01:59 +0000 (02:01 -0400)]
Helper function to check security context validity
Simo Sorce [Sun, 21 Jul 2013 05:43:54 +0000 (01:43 -0400)]
Add expiration time checks
Check Maxlife for challenge response messages.
Also add a Maximum lifetime for the context itself based on the
same challenge/response maximum life.
According to MS-NLMP MaxLifetime is 36h on modern Windows OSs, use
the same for now.
Simo Sorce [Sun, 21 Jul 2013 04:57:25 +0000 (00:57 -0400)]
Add Credential Store support
This allows a program to feed credentials directly to GSSAPI from a
configuration file, or other means.
Simo Sorce [Sat, 20 Jul 2013 17:01:04 +0000 (13:01 -0400)]
Fix some comments
Simo Sorce [Sun, 28 Jul 2013 17:15:47 +0000 (13:15 -0400)]
Fix target_info length calculation
The size of the AV field itself was missing for each field resulting in a
shorter than needed buffer size.
Simo Sorce [Fri, 19 Jul 2013 16:03:22 +0000 (12:03 -0400)]
Always request NTLMSSP_REQUEST_TARGET
Otherwise Windows 2003 may not return a target_info field for NTLMv2 or a
server name for NTLMv1 in the challenge message.
Thanks to David Woodhouse for providing help to debug this issue.
Simo Sorce [Fri, 19 Jul 2013 02:36:58 +0000 (22:36 -0400)]
Add README.txt with section on Testing
Simo Sorce [Thu, 18 Jul 2013 20:23:36 +0000 (16:23 -0400)]
Add NTLMv1 support to context initialization
Simo Sorce [Wed, 17 Jul 2013 07:20:16 +0000 (03:20 -0400)]
Add NTLM Crypto support functions for NTLMv1
Simo Sorce [Tue, 16 Jul 2013 12:34:47 +0000 (08:34 -0400)]
Add basic NTLMv2 crypto tests
Simo Sorce [Sun, 14 Jul 2013 18:38:59 +0000 (14:38 -0400)]
Implement basic naming functions
Simo Sorce [Tue, 9 Jul 2013 03:27:39 +0000 (23:27 -0400)]
Implement credential handling
Simo Sorce [Sun, 23 Jun 2013 16:02:47 +0000 (12:02 -0400)]
Initial GSS Mechanism code.
Implements init sec context and basic mechanism initialization.
Simo Sorce [Thu, 4 Jul 2013 20:37:12 +0000 (16:37 -0400)]
NTLM Crypto functions
Adds crypto function helpers needed by NTLM authentication
Simo Sorce [Sun, 23 Jun 2013 16:20:44 +0000 (12:20 -0400)]
Initial NTLM message parsing library
Implements functions to encode/decode NTLMSSP packets
Simo Sorce [Wed, 26 Jun 2013 02:36:35 +0000 (22:36 -0400)]
Initial .gitignore file
Simo Sorce [Sat, 22 Jun 2013 20:16:00 +0000 (16:16 -0400)]
Skeleton to start building the GSS-NTLMSSP project.