From mboxrd@z Thu Jan 1 00:00:00 1970
From: Thomas Fitzsimmons
Newsgroups: gmane.emacs.bugs
Subject: bug#15603: [PATCH] Add NTLM2 session support to ntlm.el
Date: Sun, 13 Oct 2013 13:22:00 -0400
To: 15603@debbugs.gnu.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"

--=-=-=
Content-Type: text/plain

ntlm.el does not support the NTLM2 Session protocol [1]; web services that require an NTLM2 Session response for HTTP authentication reject connections from Emacs (via [2]). The attached patch adds support for this variant of the protocol.

Thomas

1. http://en.wikipedia.org/wiki/NTLM#NTLM2_Session
2. http://code.google.com/p/url-http-ntlm/

2013-10-13 Thomas Fitzsimmons

* net/ntlm.el (ntlm-build-auth-response): Add NTLM2 Session support.

--=-=-=
Content-Type: text/plain
Content-Disposition: inline; filename=emacs-ntlm2-session-response-support.patch

=== modified file 'lisp/net/ntlm.el' *** lisp/net/ntlm.el 2013-01-01 09:11:05 +0000 --- lisp/net/ntlm.el 2013-10-13 12:51:34 +0000 *************** is not given." *** 80,87 **** (request-msgType (concat (make-string 1 1) (make-string 3 0))) ;0x01 0x00 0x00 0x00 (request-flags (concat (make-string 1 7) (make-string 1 178) ! (make-string 2 0))) ! ;0x07 0xb2 0x00 0x00 lu ld off-d off-u) (when (string-match "@" user) (unless domain --- 80,87 ---- (request-msgType (concat (make-string 1 1) (make-string 3 0))) ;0x01 0x00 0x00 0x00 (request-flags (concat (make-string 1 7) (make-string 1 178) ! (make-string 1 8) (make-string 1 0))) ! ;0x07 0xb2 0x08 0x00 lu ld off-d off-u) (when (string-match "@" user) (unless domain *************** by PASSWORD-HASHES. 
PASSWORD-HASHES sho *** 144,154 **** (setq domain (substring user (1+ (match-beginning 0)))) (setq user (substring user 0 (match-beginning 0)))) ! ;; generate response data ! (setq lmRespData ! (ntlm-smb-owf-encrypt (car password-hashes) challengeData)) ! (setq ntRespData ! (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData)) ;; get offsets to fields to pack the response struct in a string (setq lu (length user)) --- 144,178 ---- (setq domain (substring user (1+ (match-beginning 0)))) (setq user (substring user 0 (match-beginning 0)))) ! ;; check if "negotiate NTLM2 key" flag is set in type 2 message ! (if (not (zerop (logand (aref flags 2) 8))) ! (let (randomString ! sessionHash) ! ;; generate NTLM2 session response data ! (setq randomString (string-make-unibyte ! (concat ! (make-string 1 (random 256)) ! (make-string 1 (random 256)) ! (make-string 1 (random 256)) ! (make-string 1 (random 256)) ! (make-string 1 (random 256)) ! (make-string 1 (random 256)) ! (make-string 1 (random 256)) ! (make-string 1 (random 256))))) ! (setq sessionHash (secure-hash 'md5 ! (concat challengeData randomString) ! nil nil t)) ! (setq sessionHash (substring sessionHash 0 8)) ! ! (setq lmRespData (concat randomString (make-string 16 0))) ! (setq ntRespData (ntlm-smb-owf-encrypt ! (cadr password-hashes) sessionHash))) ! (progn ! ;; generate response data ! (setq lmRespData ! (ntlm-smb-owf-encrypt (car password-hashes) challengeData)) ! (setq ntRespData ! (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData)))) ;; get offsets to fields to pack the response struct in a string (setq lu (length user)) --=-=-=--
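
Review bot: The new third flag byte in `request-flags` (first hunk, `(make-string 1 8)`) is a bare magic number, and the same 8 is tested again in the second hunk by `(logand (aref flags 2) 8)`. The comment `;0x07 0xb2 0x08 0x00` shows the bytes but not what the bit means; name it once, in a `defconst` or a comment that calls it the "negotiate NTLM2 key" flag, so the request and the check cannot drift apart. The flag is also advertised unconditionally now, which is worth stating in the ChangeLog entry or the docstring.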
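
Review bot: The 8-byte `randomString` in the second hunk is built from eight calls to `(random 256)`, and `random` is Emacs's general-purpose pseudo-random generator; this value is hashed together with `challengeData` to produce `sessionHash`, so its unpredictability matters. Consider drawing the bytes from a stronger source where one is available, and at minimum collapse the eight repeated `(make-string 1 (random 256))` forms into a loop. Two smaller points: the `(progn ...)` around the else branch is redundant because `if` already accepts multiple else forms, and no hunk updates the docstring of `ntlm-build-auth-response` even though the function now has a second response mode.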