Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Extended Protection for Authentication (Channel binding) #28

Merged
merged 1 commit into from
Feb 16, 2016
Merged

Support Extended Protection for Authentication (Channel binding) #28

merged 1 commit into from
Feb 16, 2016

Conversation

mwrock
Copy link
Member

@mwrock mwrock commented Feb 13, 2016

fixes #27

Adds support for Extended Protection for Authentication biinding TLS channel to NTLM authentication.

mwrock
mwrock reviewed Feb 13, 2016
View reviewed changes
lib/net/ntlm/client/session.rb
end
end

def inject_cbt
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a temporary hack

@mwrock
Copy link
Member Author

mwrock commented Feb 15, 2016

This is complete. I'm gonna keep it WIP until I have a PR ready that consumes it in WinRM. I have a "hacked" WinRM using this and working against a VM with its CbtHardeningLevel set to Strict.

Tests are currently failing for 1.8.7. That was retired almost 3 years ago so I'll remove it in this PR.

@mwrock
Copy link
Member Author

mwrock commented Feb 15, 2016

PR submitted for WinRM - WinRb/WinRM#186

Before removing WIP, I'm gonna do a sanity check against 2008 (R1) later. Once that checks out I think this will be good to go.

@mwrock mwrock changed the title WIP - Channel binding Support Extended Protection for Authentication (Channel binding) Feb 15, 2016
@mwrock
Copy link
Member Author

mwrock commented Feb 15, 2016

Works back to Windows 2008 SP2. No longer a work in progress and ready for review.

cc @zenchild @sneal

@zenchild
Copy link
Member

Looks good to me. Ship it :)

@mwrock
Copy link
Member Author

mwrock commented Feb 16, 2016

sweet. thanks @zenchild ! squashing. Will release soon.

@sneal
Copy link
Member

sneal commented Feb 16, 2016

:shipit:

jlee-r7
jlee-r7 reviewed Feb 16, 2016
View reviewed changes
lib/net/ntlm/exceptions.rb
@@ -0,0 +1,14 @@
module Net
module Ntlm
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be NTLM to match the rest of the code.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch @jlee-r7

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah yes. thanks for catching @jlee-r7 !

mwrock added a commit that referenced this pull request Feb 16, 2016
@mwrock
Merge pull request #28 from WinRb/channel_binding
27d5288 
Support Extended Protection for Authentication (Channel binding)
@mwrock mwrock merged commit 27d5288 into master Feb 16, 2016
@mwrock mwrock deleted the channel_binding branch February 16, 2016 18:30
@mwrock mwrock mentioned this pull request Feb 16, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

support Extended Protection for Authentication (Channel Binding Tokens)
4 participants
@mwrock @zenchild @sneal @jlee-r7