bug#15603: [PATCH] Add NTLM2 session support to ntlm.el

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Thomas Fitzsimmons <fitzsim@fitzsim.org>
To: 15603@debbugs.gnu.org
Subject: bug#15603: [PATCH] Add NTLM2 session support to ntlm.el
Date: Sun, 13 Oct 2013 13:22:00 -0400	[thread overview]
Message-ID: <m3haclnl1j.fsf@fitzsim.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

ntlm.el does not support the NTLM2 Session protocol [1]; web services
that require an NTLM2 Session response for HTTP authentication reject
connections from Emacs (via [2]).  The attached patch adds support for
this variant of the protocol.

Thomas

1. http://en.wikipedia.org/wiki/NTLM#NTLM2_Session
2. http://code.google.com/p/url-http-ntlm/

2013-10-13  Thomas Fitzsimmons  <fitzsim@fitzsim.org>

	* net/ntlm.el (ntlm-build-auth-response): Add NTLM2 Session
	support.


[-- Attachment #2: emacs-ntlm2-session-response-support.patch --]
[-- Type: text/plain, Size: 2715 bytes --]

=== modified file 'lisp/net/ntlm.el'
*** lisp/net/ntlm.el	2013-01-01 09:11:05 +0000
--- lisp/net/ntlm.el	2013-10-13 12:51:34 +0000
*************** is not given."
*** 80,87 ****
  	(request-msgType (concat (make-string 1 1) (make-string 3 0)))
  					;0x01 0x00 0x00 0x00
  	(request-flags (concat (make-string 1 7) (make-string 1 178)
! 			       (make-string 2 0)))
! 					;0x07 0xb2 0x00 0x00
  	lu ld off-d off-u)
      (when (string-match "@" user)
        (unless domain
--- 80,87 ----
  	(request-msgType (concat (make-string 1 1) (make-string 3 0)))
  					;0x01 0x00 0x00 0x00
  	(request-flags (concat (make-string 1 7) (make-string 1 178)
! 			       (make-string 1 8) (make-string 1 0)))
! 					;0x07 0xb2 0x08 0x00
  	lu ld off-d off-u)
      (when (string-match "@" user)
        (unless domain
*************** by PASSWORD-HASHES.  PASSWORD-HASHES sho
*** 144,154 ****
        (setq domain (substring user (1+ (match-beginning 0))))
        (setq user (substring user 0 (match-beginning 0))))
  
!     ;; generate response data
!     (setq lmRespData
! 	  (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
!     (setq ntRespData
! 	  (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))
  
      ;; get offsets to fields to pack the response struct in a string
      (setq lu (length user))
--- 144,178 ----
        (setq domain (substring user (1+ (match-beginning 0))))
        (setq user (substring user 0 (match-beginning 0))))
  
!     ;; check if "negotiate NTLM2 key" flag is set in type 2 message
!     (if (not (zerop (logand (aref flags 2) 8)))
! 	(let (randomString
! 	      sessionHash)
! 	  ;; generate NTLM2 session response data
! 	  (setq randomString (string-make-unibyte
! 			      (concat
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256))
! 			       (make-string 1 (random 256)))))
! 	  (setq sessionHash (secure-hash 'md5
! 					 (concat challengeData randomString)
! 					 nil nil t))
! 	  (setq sessionHash (substring sessionHash 0 8))
! 
! 	  (setq lmRespData (concat randomString (make-string 16 0)))
! 	  (setq ntRespData (ntlm-smb-owf-encrypt
! 			    (cadr password-hashes) sessionHash)))
!       (progn
! 	;; generate response data
! 	(setq lmRespData
! 	      (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
! 	(setq ntRespData
! 	      (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
  
      ;; get offsets to fields to pack the response struct in a string
      (setq lu (length user))

next             reply	other threads:[~2013-10-13 17:22 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-13 17:22 Thomas Fitzsimmons [this message]
2014-06-21 14:10 ` bug#15603: [PATCH] Add NTLM2 session support to ntlm.el Thomas Fitzsimmons
2014-10-04 19:24   ` Glenn Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3haclnl1j.fsf@fitzsim.org \
    --to=fitzsim@fitzsim.org \
    --cc=15603@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.