bug#15603: [PATCH] Add NTLM2 session support to ntlm.el

bug#15603: [PATCH] Add NTLM2 session support to ntlm.el

[Thomas Fitzsimmons]

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

ntlm.el does not support the NTLM2 Session protocol [1]; web services
that require an NTLM2 Session response for HTTP authentication reject
connections from Emacs (via [2]).  The attached patch adds support for
this variant of the protocol.

Thomas

1. http://en.wikipedia.org/wiki/NTLM#NTLM2_Session
2. http://code.google.com/p/url-http-ntlm/

2013-10-13  Thomas Fitzsimmons  <fitzsim@fitzsim.org>

	* net/ntlm.el (ntlm-build-auth-response): Add NTLM2 Session
	support.


[-- Attachment #2: emacs-ntlm2-session-response-support.patch --]
[-- Type: text/plain, Size: 2715 bytes --]

=== modified file 'lisp/net/ntlm.el'
*** lisp/net/ntlm.el	2013-01-01 09:11:05 +0000
--- lisp/net/ntlm.el	2013-10-13 12:51:34 +0000
*************** is not given."
*** 80,87 ****
  	(request-msgType (concat (make-string 1 1) (make-string 3 0)))
  					;0x01 0x00 0x00 0x00
  	(request-flags (concat (make-string 1 7) (make-string 1 178)
! 			       (make-string 2 0)))
! 					;0x07 0xb2 0x00 0x00
  	lu ld off-d off-u)
      (when (string-match "@" user)
        (unless domain
--- 80,87 ----
  	(request-msgType (concat (make-string 1 1) (make-string 3 0)))
  					;0x01 0x00 0x00 0x00
  	(request-flags (concat (make-string 1 7) (make-string 1 178)
! 			       (make-string 1 8) (make-string 1 0)))
! 					;0x07 0xb2 0x08 0x00
  	lu ld off-d off-u)
      (when (string-match "@" user)
        (unless domain
*************** by PASSWORD-HASHES.  PASSWORD-HASHES sho
*** 144,154 ****
        (setq domain (substring user (1+ (match-beginning 0))))
        (setq user (substring user 0 (match-beginning 0))))
  
!     ;; generate response data
!     (setq lmRespData
! 	  (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
!     (setq ntRespData
! 	  (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))
  
      ;; get offsets to fields to pack the response struct in a string
      (setq lu (length user))
--- 144,178 ----
        (setq domain (substring user (1+ (match-beginning 0))))
        (setq user (substring user 0 (match-beginning 0))))
  
!     ;; check if "negotiate NTLM2 key" flag is set in type 2 message
!     (if (not (zerop (logand (aref flags 2) 8)))
! 	(let (randomString
! 	      sessionHash)
! 	  ;; generate NTLM2 session response data
! 	  (setq randomString (string-make-unibyte
! 			      (concat
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256)))))
! 	  (setq sessionHash (secure-hash 'md5
! 					 (concat challengeData randomString)
! 					 nil nil t))
! 	  (setq sessionHash (substring sessionHash 0 8))
! 
! 	  (setq lmRespData (concat randomString (make-string 16 0)))
! 	  (setq ntRespData (ntlm-smb-owf-encrypt
! 			    (cadr password-hashes) sessionHash)))
!       (progn
! 	;; generate response data
! 	(setq lmRespData
! 	      (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
! 	(setq ntRespData
! 	      (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
  
      ;; get offsets to fields to pack the response struct in a string
      (setq lu (length user))

bug#15603: [PATCH] Add NTLM2 session support to ntlm.el

[Thomas Fitzsimmons]

Hi,

I just confirmed that this patch still applies to trunk.  In December
2013 Chong Yidong requested that I make a copyright assignment for it,
and that's in place now.  Can this go into trunk?

Thanks,
Thomas

bug#15603: [PATCH] Add NTLM2 session support to ntlm.el

[Glenn Morris]

Version: 25.1

Thanks; applied (mindlessly, since I have no idea what this is).