From: Thomas Fitzsimmons <fitzsim@fitzsim.org>
To: 15603@debbugs.gnu.org
Subject: bug#15603: [PATCH] Add NTLM2 session support to ntlm.el
Date: Sun, 13 Oct 2013 13:22:00 -0400
Message-ID: <m3haclnl1j.fsf@fitzsim.org>
[-- Attachment #1: Type: text/plain, Size: 472 bytes --]
ntlm.el does not support the NTLM2 Session protocol [1]; web services
that require an NTLM2 Session response for HTTP authentication reject
connections from Emacs (via [2]). The attached patch adds support for
this variant of the protocol.

Thomas

1. http://en.wikipedia.org/wiki/NTLM#NTLM2_Session
2. http://code.google.com/p/url-http-ntlm/

2013-10-13 Thomas Fitzsimmons <fitzsim@fitzsim.org>

* net/ntlm.el (ntlm-build-auth-response): Add NTLM2 Session
support.
[-- Attachment #2: emacs-ntlm2-session-response-support.patch --]
[-- Type: text/plain, Size: 2715 bytes --]
=== modified file 'lisp/net/ntlm.el'
*** lisp/net/ntlm.el 2013-01-01 09:11:05 +0000
--- lisp/net/ntlm.el 2013-10-13 12:51:34 +0000
*************** is not given."
*** 80,87 ****
(request-msgType (concat (make-string 1 1) (make-string 3 0)))
;0x01 0x00 0x00 0x00
(request-flags (concat (make-string 1 7) (make-string 1 178)
! (make-string 2 0)))
! ;0x07 0xb2 0x00 0x00
lu ld off-d off-u)
(when (string-match "@" user)
(unless domain
--- 80,87 ----
(request-msgType (concat (make-string 1 1) (make-string 3 0)))
;0x01 0x00 0x00 0x00
(request-flags (concat (make-string 1 7) (make-string 1 178)
! (make-string 1 8) (make-string 1 0)))
! ;0x07 0xb2 0x08 0x00
lu ld off-d off-u)
(when (string-match "@" user)
(unless domain
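Review bot: The new third flags byte in `request-flags`, `(make-string 1 8)`, is an unexplained magic number: the updated comment `;0x07 0xb2 0x08 0x00` only restates the bytes. Please note in the comment that 0x08 in byte 2 is the "negotiate NTLM2 key" flag, the same bit the response code later tests with `(logand (aref flags 2) 8)`, so the request and response sides can be read together. The flag is also advertised unconditionally now, so every server that honours it will switch to the new response path; a variable to turn it off would make regressions easier to work around. Finally, the ChangeLog entry names only `ntlm-build-auth-response`, while this hunk sits in a different function (the one that builds `request-flags`), which should be listed too.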
*************** by PASSWORD-HASHES. PASSWORD-HASHES sho
*** 144,154 ****
(setq domain (substring user (1+ (match-beginning 0))))
(setq user (substring user 0 (match-beginning 0))))
! ;; generate response data
! (setq lmRespData
! (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
! (setq ntRespData
! (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))
;; get offsets to fields to pack the response struct in a string
(setq lu (length user))
--- 144,178 ----
(setq domain (substring user (1+ (match-beginning 0))))
(setq user (substring user 0 (match-beginning 0))))
! ;; check if "negotiate NTLM2 key" flag is set in type 2 message
! (if (not (zerop (logand (aref flags 2) 8)))
! (let (randomString
! sessionHash)
! ;; generate NTLM2 session response data
! (setq randomString (string-make-unibyte
! (concat
! (make-string 1 (random 256))
! (make-string 1 (random 256))
! (make-string 1 (random 256))
! (make-string 1 (random 256))
! (make-string 1 (random 256))
! (make-string 1 (random 256))
! (make-string 1 (random 256))
! (make-string 1 (random 256)))))
! (setq sessionHash (secure-hash 'md5
! (concat challengeData randomString)
! nil nil t))
! (setq sessionHash (substring sessionHash 0 8))
!
! (setq lmRespData (concat randomString (make-string 16 0)))
! (setq ntRespData (ntlm-smb-owf-encrypt
! (cadr password-hashes) sessionHash)))
! (progn
! ;; generate response data
! (setq lmRespData
! (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
! (setq ntRespData
! (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
;; get offsets to fields to pack the response struct in a string
(setq lu (length user))
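Review bot: The client challenge in the NTLM2 branch is built from eight `(random 256)` calls, and `random` is Emacs's general-purpose pseudo-random generator rather than a cryptographic source, so `randomString` may be more predictable than a client nonce should be. Please draw these 8 bytes from a stronger source where one is available, or at least document the limitation in a comment next to `randomString`. Two smaller points in the same hunk: the eight identical `(make-string 1 (random 256))` forms would read better as one loop that fills an 8-byte unibyte string, and the `(progn ...)` around the else branch is redundant because `if` already evaluates its else forms in sequence. The test `(aref flags 2)` also assumes `flags` holds at least three bytes of the type 2 flags field; its binding is outside this hunk, so please confirm that it cannot be shorter or nil here.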