@@ -362,19 +362,65 @@ Blob Handshake_client::process_data(const Blob &data)
362
362
To implement the protocol one can use several existing implementations:
363
363
<ul>
364
364
<li>MS Windows provides
365
- [InitializeSecurityContextW](" http://msdn.microsoft.com/en-us/library/windows/desktop/aa375509(v=VS.85).aspx" )
366
- and [AcceptSecurityContext](" http://msdn.microsoft.com/en-us/library/aa374703.aspx" )
365
+ [InitializeSecurityContextW](http://msdn.microsoft.com/en-us/library/windows/desktop/aa375509(v=VS.85).aspx)
366
+ and [AcceptSecurityContext](http://msdn.microsoft.com/en-us/library/aa374703.aspx)
367
367
</li>
368
368
<li>A open source implemenation of NTML, SPNEGO and Kerberos5 are provided by
369
- [Heimdal](" http://www.h5l.org/" )
369
+ [Heimdal](http://www.h5l.org/)
370
370
</li>
371
371
<li>Java6 added SPNEGO support to
372
- [JGSS](" http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part5.html#SPNEGO" )
372
+ [JGSS](http://download.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part5.html#SPNEGO)
373
373
which also provides the NTLM and Kerberos5 support.
374
374
</li></ul>
375
375
376
- @section sect_protocol_connection_phase_authentication_methods_authentication_windows_spnego SPNEGO
376
+ @sa win_auth_handshake_client
377
+
378
+
377
379
@section sect_protocol_connection_phase_authentication_methods_authentication_windows_ntlm NTLM
380
+
381
+ @note [Removed in Windows Vista and 2008](http://msdn.microsoft.com/en-us/library/aa480152.aspx#appcomp_topic16)
382
+
383
+ @note Documented in [MSDN](https://msdn.microsoft.com/en-us/library/cc207842.aspx)
384
+
385
+ @startuml
386
+ Client->Server: NTLM request
387
+ Server->Client: 0x01 + NTLM response
388
+ == repeat until done ==
389
+ Client->Server: NTLM request
390
+ Server->Client: OK
391
+ @enduml
392
+
393
+
394
+ @section sect_protocol_connection_phase_authentication_methods_authentication_windows_spnego SPNEGO
395
+
396
+ Uses GSS-API as protocol and negotiates the proper auth-method automatically.
397
+ @par Tip
398
+ To decode these packets by hand you need to read:
399
+ <ul>
400
+ <li>
401
+ [RFC2473](http://tools.ietf.org/html/rfc2743.html#page-81)
402
+ Section 3.1: Mechanism-independent Token Format
403
+ </li><li>
404
+ [RFC4178](http://tools.ietf.org/html/rfc4178.html#page-7)
405
+ Section 4: Token Defintions
406
+ </li><li>
407
+ [X.680](http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf)
408
+ ASN.1
409
+ </li><li>
410
+ [X.690](http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf)
411
+ DER
412
+ </li>
413
+ </ul>
414
+
415
+ @startuml
416
+ Client->Server: GSS-API + SPNEGO NegTokenInit
417
+ Server->Client: 0x01 + SPNEGO NegTokenResponse
418
+ Client->Server: SPNEGO NegTokenResponse
419
+ Server->Client: 0x01 + SPNEGO NegTokenResponse
420
+ == repeat until done ==
421
+ Server->Client: OK
422
+ @enduml
423
+
378
424
*/
379
425
380
426
/* *
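Review bot: In the SPNEGO tip, the first list item's link label reads "RFC2473" while its URL points at rfc2743.html; the label should be "RFC2743" so it matches the target and the cited Section 3.1 (Mechanism-independent Token Format). The same list has "Token Defintions" where "Token Definitions" is meant. In the NTLM section, the @note "Removed in Windows Vista and 2008" does not say what was removed; name the subject so the rendered note stands on its own. The two @startuml diagrams also place the "== repeat until done ==" divider differently: NTLM puts it before the final request/OK pair, SPNEGO after two full round trips and directly before "Server->Client: OK". That leaves it unclear which messages form the loop, so mark the repeated exchange the same way in both diagrams.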