oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: add mechanism-force-mechListMIC hook to SPNEGO

Browse Source 
NTLM erroneously requires a mechListMIC at the SPNEGO layer if an internal MIC
in the NTLM protocol was used. Add a private interface between SPNEGO and the
Samba NTLM mechanism to allow the mechanism to signal that a mechListMIC is
required even if it otherwise would not be.

This interface is the same as that supported by MIT.

Note that only the Samba NTLM mechanism currently implements this feature, it
is not implemented by the Heimdal NTLM mechanism (which does not support NTLM
authenticate message MICs).
This commit is contained in:
Luke Howard
2020-02-04 16:39:34 +11:00
parent 5d1a33f780
commit 921d528d8b
4 changed files with 48 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/gssapi/oid.txt
+1
View File
@@ -54,6 +54,7 @@ oid base GSS_C_INQ_WIN2K_PAC_X 1.2.752.43.13.3.128
oid base GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5
oid base GSS_C_INQ_NEGOEX_KEY 1.2.840.113554.1.2.2.5.16
oid base GSS_C_INQ_NEGOEX_VERIFY_KEY 1.2.840.113554.1.2.2.5.17
oid base GSS_C_INQ_REQUIRE_MECHLIST_MIC 1.3.6.1.4.1.7165.655.1.2
#/*
# * "Standard" mechs