* lisp/net/ntlm.el (ntlm-build-auth-request): Add NTLM2 Session support.

Fixes: debbugs:15603
author: Thomas Fitzsimmons 2014-10-04 12:23:42 -0700
committer: Glenn Morris 2014-10-04 12:23:42 -0700
commit: 87318e3d76aae6ed85b15e29900ff3b66f1bec6b (patch)
tree: 6f720f81fed01a167b8914b959bd1026ed5f2955
parent: 9ed4c74e8bb6dc1da8ded4667b770de8f24b587d (diff)
download: emacs-87318e3d76aae6ed85b15e29900ff3b66f1bec6b.tar.gz
emacs-87318e3d76aae6ed85b15e29900ff3b66f1bec6b.zip
2 files changed, 36 insertions, 7 deletions
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 9af5186375e..3a88ac6b37a 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-04  Thomas Fitzsimmons  <fitzsim@fitzsim.org>
+        * net/ntlm.el (ntlm-build-auth-request):
+        Add NTLM2 Session support.  (Bug#15603)
 2014-10-04  Glenn Morris  <rgm@gnu.org>
        * apropos.el (apropos-symbols-internal):
diff --git a/lisp/net/ntlm.el b/lisp/net/ntlm.el
index bff3bab7207..30958aaa6bf 100644
--- a/lisp/net/ntlm.el
+++ b/lisp/net/ntlm.el
@@ -80,8 +80,8 @@ is not given."
        (request-msgType (concat (make-string 1 1) (make-string 3 0)))
                                        ;0x01 0x00 0x00 0x00
        (request-flags (concat (make-string 1 7) (make-string 1 178)
-                               (make-string 2 0)))
+                               (make-string 1 8) (make-string 1 0)))
-                                        ;0x07 0xb2 0x00 0x00
+                                        ;0x07 0xb2 0x08 0x00
        lu ld off-d off-u)
    (when (string-match "@" user)
      (unless domain
@@ -144,11 +144,35 @@ by PASSWORD-HASHES.  PASSWORD-HASHES should be a return value of
      (setq domain (substring user (1+ (match-beginning 0))))
      (setq user (substring user 0 (match-beginning 0))))
-    ;; generate response data
+    ;; check if "negotiate NTLM2 key" flag is set in type 2 message
-    (setq lmRespData
+    (if (not (zerop (logand (aref flags 2) 8)))
-          (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
+        (let (randomString
-    (setq ntRespData
+              sessionHash)
-          (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))
+          ;; generate NTLM2 session response data
+          (setq randomString (string-make-unibyte
+                              (concat
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256))
+                               (make-string 1 (random 256)))))
+          (setq sessionHash (secure-hash 'md5
+                                         (concat challengeData randomString)
+                                         nil nil t))
+          (setq sessionHash (substring sessionHash 0 8))
+          (setq lmRespData (concat randomString (make-string 16 0)))
+          (setq ntRespData (ntlm-smb-owf-encrypt
+                            (cadr password-hashes) sessionHash)))
+      (progn
+        ;; generate response data
+        (setq lmRespData
+              (ntlm-smb-owf-encrypt (car password-hashes) challengeData))
+        (setq ntRespData
+              (ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
    ;; get offsets to fields to pack the response struct in a string
    (setq lu (length user))
author	Thomas Fitzsimmons	2014-10-04 12:23:42 -0700
committer	Glenn Morris	2014-10-04 12:23:42 -0700
commit	87318e3d76aae6ed85b15e29900ff3b66f1bec6b (patch)
tree	6f720f81fed01a167b8914b959bd1026ed5f2955
parent	9ed4c74e8bb6dc1da8ded4667b770de8f24b587d (diff)
download	emacs-87318e3d76aae6ed85b15e29900ff3b66f1bec6b.tar.gz emacs-87318e3d76aae6ed85b15e29900ff3b66f1bec6b.zip

diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 9af5186375e..3a88ac6b37a 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog
@@ -1,3 +1,8 @@
		1	2014-10-04 Thomas Fitzsimmons <fitzsim@fitzsim.org>
		2
		3	* net/ntlm.el (ntlm-build-auth-request):
		4	Add NTLM2 Session support. (Bug#15603)
		5
1	2014-10-04 Glenn Morris <rgm@gnu.org>	6	2014-10-04 Glenn Morris <rgm@gnu.org>
2		7
3	* apropos.el (apropos-symbols-internal):	8	* apropos.el (apropos-symbols-internal):


diff --git a/lisp/net/ntlm.el b/lisp/net/ntlm.el index bff3bab7207..30958aaa6bf 100644 --- a/lisp/net/ntlm.el +++ b/lisp/net/ntlm.el
@@ -80,8 +80,8 @@ is not given."
80	(request-msgType (concat (make-string 1 1) (make-string 3 0)))	80	(request-msgType (concat (make-string 1 1) (make-string 3 0)))
81	;0x01 0x00 0x00 0x00	81	;0x01 0x00 0x00 0x00
82	(request-flags (concat (make-string 1 7) (make-string 1 178)	82	(request-flags (concat (make-string 1 7) (make-string 1 178)
83	(make-string 2 0)))	83	(make-string 1 8) (make-string 1 0)))
84	;0x07 0xb2 0x00 0x00	84	;0x07 0xb2 0x08 0x00
85	lu ld off-d off-u)	85	lu ld off-d off-u)
86	(when (string-match "@" user)	86	(when (string-match "@" user)
87	(unless domain	87	(unless domain
@@ -144,11 +144,35 @@ by PASSWORD-HASHES. PASSWORD-HASHES should be a return value of
144	(setq domain (substring user (1+ (match-beginning 0))))	144	(setq domain (substring user (1+ (match-beginning 0))))
145	(setq user (substring user 0 (match-beginning 0))))	145	(setq user (substring user 0 (match-beginning 0))))
146		146
147	;; generate response data	147	;; check if "negotiate NTLM2 key" flag is set in type 2 message
148	(setq lmRespData	148	(if (not (zerop (logand (aref flags 2) 8)))
149	(ntlm-smb-owf-encrypt (car password-hashes) challengeData))	149	(let (randomString
150	(setq ntRespData	150	sessionHash)
151	(ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))	151	;; generate NTLM2 session response data
		152	(setq randomString (string-make-unibyte
		153	(concat
		154	(make-string 1 (random 256))
		155	(make-string 1 (random 256))
		156	(make-string 1 (random 256))
		157	(make-string 1 (random 256))
		158	(make-string 1 (random 256))
		159	(make-string 1 (random 256))
		160	(make-string 1 (random 256))
		161	(make-string 1 (random 256)))))
		162	(setq sessionHash (secure-hash 'md5
		163	(concat challengeData randomString)
		164	nil nil t))
		165	(setq sessionHash (substring sessionHash 0 8))
		166
		167	(setq lmRespData (concat randomString (make-string 16 0)))
		168	(setq ntRespData (ntlm-smb-owf-encrypt
		169	(cadr password-hashes) sessionHash)))
		170	(progn
		171	;; generate response data
		172	(setq lmRespData
		173	(ntlm-smb-owf-encrypt (car password-hashes) challengeData))
		174	(setq ntRespData
		175	(ntlm-smb-owf-encrypt (cadr password-hashes) challengeData))))
152		176
153	;; get offsets to fields to pack the response struct in a string	177	;; get offsets to fields to pack the response struct in a string
154	(setq lu (length user))	178	(setq lu (length user))