diff --git a/bind.go b/bind.go index 184e34b7..9c6cc282 100644 --- a/bind.go +++ b/bind.go @@ -558,3 +558,179 @@ func (l *Conn) NTLMChallengeBind(ntlmBindRequest *NTLMBindRequest) (*NTLMBindRes err = GetLDAPError(packet) return result, err } + +// GSSAPIClient interface is used as the client-side implementation for the +// GSSAPI SASL mechanism. +// Interface inspired by GSSAPIClient from golang.org/x/crypto/ssh +type GSSAPIClient interface { + // InitSecContext initiates the establishment of a security context for + // GSS-API between the client and server. + // Initially the token parameter should be specified as nil. + // The routine may return a outputToken which should be transferred to + // the server, where the server will present it to AcceptSecContext. + // If no token need be sent, InitSecContext will indicate this by setting + // needContinue to false. To complete the context + // establishment, one or more reply tokens may be required from the server; + // if so, InitSecContext will return a needContinue which is true. + // In this case, InitSecContext should be called again when the + // reply token is received from the server, passing the reply token + // to InitSecContext via the token parameters. + // See RFC 4752 section 3.1. + InitSecContext(target string, token []byte) (outputToken []byte, needContinue bool, err error) + // NegotiateSaslAuth performs the last step of the Sasl handshake. + // It takes a token, which, when unwrapped, describes the servers supported + // security layers (first octet) and maximum receive buffer (remaining + // three octets). + // If the received token is unacceptable an error must be returned to abort + // the handshake. + // Outputs a signed token describing the client's selected security layer + // and receive buffer size and optionally an authorization identity. + // The returned token will be sent to the server and the handshake considered + // completed successfully and the server authenticated. + // See RFC 4752 section 3.1. + NegotiateSaslAuth(token []byte, authzid string) ([]byte, error) + // DeleteSecContext destroys any established secure context. + DeleteSecContext() error +} + +// GSSAPIBindRequest represents a GSSAPI SASL mechanism bind request. +// See rfc4752 and rfc4513 section 5.2.1.2. +type GSSAPIBindRequest struct { + // Service Principal Name user for the service ticket. Eg. "ldap/" + ServicePrincipalName string + // (Optional) Authorization entity + AuthZID string + // (Optional) Controls to send with the bind request + Controls []Control +} + +// GSSAPIBind performs the GSSAPI SASL bind using the provided GSSAPI client. +func (l *Conn) GSSAPIBind(client GSSAPIClient, servicePrincipal, authzid string) error { + return l.GSSAPIBindRequest(client, &GSSAPIBindRequest{ + ServicePrincipalName: servicePrincipal, + AuthZID: authzid, + }) +} + +// GSSAPIBindRequest performs the GSSAPI SASL bind using the provided GSSAPI client. +func (l *Conn) GSSAPIBindRequest(client GSSAPIClient, req *GSSAPIBindRequest) error { + // nolint:errcheck + defer client.DeleteSecContext() + + var err error + var reqToken []byte + var recvToken []byte + needInit := true + for { + if needInit { + // Establish secure context between client and server. + reqToken, needInit, err = client.InitSecContext(req.ServicePrincipalName, recvToken) + if err != nil { + return err + } + } else { + // Secure context is set up, perform the last step of SASL handshake. + reqToken, err = client.NegotiateSaslAuth(recvToken, req.AuthZID) + if err != nil { + return err + } + } + // Send Bind request containing the current token and extract the + // token sent by server. + recvToken, err = l.saslBindTokenExchange(req.Controls, reqToken) + if err != nil { + return err + } + + if !needInit && len(recvToken) == 0 { + break + } + } + + return nil +} + +func (l *Conn) saslBindTokenExchange(reqControls []Control, reqToken []byte) ([]byte, error) { + + // Construct LDAP Bind request with GSSAPI SASL mechanism. + envelope := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request") + envelope.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID")) + + request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationBindRequest, nil, "Bind Request") + request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, 3, "Version")) + request.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "", "User Name")) + + auth := ber.Encode(ber.ClassContext, ber.TypeConstructed, 3, "", "authentication") + auth.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "GSSAPI", "SASL Mech")) + if len(reqToken) > 0 { + auth.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, string(reqToken), "Credentials")) + } + request.AppendChild(auth) + envelope.AppendChild(request) + if len(reqControls) > 0 { + envelope.AppendChild(encodeControls(reqControls)) + } + + msgCtx, err := l.sendMessage(envelope) + if err != nil { + return nil, err + } + defer l.finishMessage(msgCtx) + + packet, err := l.readPacket(msgCtx) + if err != nil { + return nil, err + } + l.Debug.Printf("%d: got response %p", msgCtx.id, packet) + if l.Debug { + if err = addLDAPDescriptions(packet); err != nil { + return nil, err + } + ber.PrintPacket(packet) + } + + // https://www.rfc-editor.org/rfc/rfc4511#section-4.1.1 + // packet is an envelope + // child 0 is message id + // child 1 is protocolOp + if len(packet.Children) != 2 { + return nil, fmt.Errorf("bad bind response") + } + + protocolOp := packet.Children[1] +RESP: + switch protocolOp.Description { + case "Bind Response": // Bind Response + // Bind Reponse is an LDAP Response (https://www.rfc-editor.org/rfc/rfc4511#section-4.1.9) + // with an additional optional serverSaslCreds string (https://www.rfc-editor.org/rfc/rfc4511#section-4.2.2) + // child 0 is resultCode + resultCode := protocolOp.Children[0] + if resultCode.Tag != ber.TagEnumerated { + break RESP + } + switch resultCode.Value.(int64) { + case 14: // Sasl bind in progress + if len(protocolOp.Children) < 3 { + break RESP + } + referral := protocolOp.Children[3] + switch referral.Description { + case "Referral": + if referral.ClassType != ber.ClassContext || referral.Tag != ber.TagObjectDescriptor { + break RESP + } + return ioutil.ReadAll(referral.Data) + } + // Optional: + //if len(protocolOp.Children) == 4 { + // serverSaslCreds := protocolOp.Children[4] + //} + case 0: // Success - Bind OK. + // SASL layer in effect (if any) (See https://www.rfc-editor.org/rfc/rfc4513#section-5.2.1.4) + // NOTE: SASL security layers are not supported currently. + return nil, nil + } + } + + return nil, GetLDAPError(packet) +} diff --git a/examples_windows_test.go b/examples_windows_test.go new file mode 100644 index 00000000..dbfac77b --- /dev/null +++ b/examples_windows_test.go @@ -0,0 +1,36 @@ +//go:build windows +// +build windows + +package ldap + +import ( + "log" + + "github.com/go-ldap/ldap/gssapi" +) + +// This example demonstrates passwordless bind using the current process' user +// credentials on Windows (SASL GSSAPI mechanism bind with SSPI client). +func ExampleConn_SSPIClient_GSSAPIBind() { + + // Windows only: Create a GSSAPIClient using Windows built-in SSPI lib + // (secur32.dll). + // This will use the credentials of the current process' user. + sspiClient, err := gssapi.NewSSPIClient() + if err != nil { + log.Fatal(err) + } + defer sspiClient.Close() + + l, err := DialURL("ldap://ldap.example.com:389") + if err != nil { + log.Fatal(err) + } + defer l.Close() + + // Bind using supplied GSSAPIClient implementation + err = l.GSSAPIBind(sspiClient, "ldap/ldap.example.com", "") + if err != nil { + log.Fatal(err) + } +} diff --git a/go.mod b/go.mod index e974acf4..add53aa9 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,8 @@ go 1.14 require ( github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e + github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 github.com/go-asn1-ber/asn1-ber v1.5.4 - github.com/stretchr/testify v1.7.2 // indirect - golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect + github.com/stretchr/testify v1.8.0 + golang.org/x/crypto v0.1.0 // indirect ) diff --git a/go.sum b/go.sum index 8589d19b..8582cf8b 100644 --- a/go.sum +++ b/go.sum @@ -1,30 +1,50 @@ -github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28= -github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/P4ZwUYSdNCWsMEI0VeyrFoI2rAhJQ= -github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= +github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A= github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= -github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/gssapi/sspi.go b/gssapi/sspi.go new file mode 100644 index 00000000..bd6aae71 --- /dev/null +++ b/gssapi/sspi.go @@ -0,0 +1,192 @@ +//go:build windows +// +build windows + +package gssapi + +import ( + "bytes" + "encoding/binary" + "fmt" + + "github.com/alexbrainman/sspi" + "github.com/alexbrainman/sspi/kerberos" +) + +// SSPIClient implements ldap.GSSAPIClient interface. +// Depends on secur32.dll. +type SSPIClient struct { + creds *sspi.Credentials + ctx *kerberos.ClientContext +} + +// NewSSPIClient returns a client with credentials of the current user. +func NewSSPIClient() (*SSPIClient, error) { + creds, err := kerberos.AcquireCurrentUserCredentials() + if err != nil { + return nil, err + } + + return NewSSPIClientWithCredentials(creds), nil +} + +// NewSSPIClientWithCredentials returns a client with the provided credentials. +func NewSSPIClientWithCredentials(creds *sspi.Credentials) *SSPIClient { + return &SSPIClient{ + creds: creds, + } +} + +// NewSSPIClientWithUserCredentials returns a client using the provided user's +// credentials. +func NewSSPIClientWithUserCredentials(domain, username, password string) (*SSPIClient, error) { + creds, err := kerberos.AcquireUserCredentials(domain, username, password) + if err != nil { + return nil, err + } + + return &SSPIClient{ + creds: creds, + }, nil +} + +// Close deletes any established secure context and closes the client. +func (c *SSPIClient) Close() error { + err1 := c.DeleteSecContext() + err2 := c.creds.Release() + if err1 != nil { + return err1 + } + if err2 != nil { + return err2 + } + return nil +} + +// DeleteSecContext destroys any established secure context. +func (c *SSPIClient) DeleteSecContext() error { + return c.ctx.Release() +} + +// InitSecContext initiates the establishment of a security context for +// GSS-API between the client and server. +// See RFC 4752 section 3.1. +func (c *SSPIClient) InitSecContext(target string, token []byte) ([]byte, bool, error) { + sspiFlags := uint32(sspi.ISC_REQ_INTEGRITY | sspi.ISC_REQ_CONFIDENTIALITY | sspi.ISC_REQ_MUTUAL_AUTH) + + switch token { + case nil: + ctx, completed, output, err := kerberos.NewClientContextWithFlags(c.creds, target, sspiFlags) + if err != nil { + return nil, false, err + } + c.ctx = ctx + + return output, !completed, nil + default: + + completed, output, err := c.ctx.Update(token) + if err != nil { + return nil, false, err + } + if err := c.ctx.VerifyFlags(); err != nil { + return nil, false, fmt.Errorf("error verifying flags: %v", err) + } + return output, !completed, nil + + } +} + +// NegotiateSaslAuth performs the last step of the SASL handshake. +// See RFC 4752 section 3.1. +func (c *SSPIClient) NegotiateSaslAuth(token []byte, authzid string) ([]byte, error) { + + // Using SSPI rather than of GSSAPI, relevant documentation of differences here: + // https://learn.microsoft.com/en-us/windows/win32/secauthn/sspi-kerberos-interoperability-with-gssapi + + // KERB_WRAP_NO_ENCRYPT (SECQOP_WRAP_NO_ENCRYPT) flag indicates Wrap and Unwrap + // should only sign & verify (not encrypt & decrypt). + const KERB_WRAP_NO_ENCRYPT = 0x80000001 + + // https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-decryptmessage + flags, inputPayload, err := c.ctx.DecryptMessage(token, 0) + if err != nil { + return nil, fmt.Errorf("error decrypting message: %w", err) + } + if flags&KERB_WRAP_NO_ENCRYPT == 0 { + // Encrypted message, this is unexpected. + return nil, fmt.Errorf("message encrypted") + } + + // `bytes` describes available security context: + // "the first octet of resulting cleartext as a + // bit-mask specifying the security layers supported by the server and + // the second through fourth octets as the maximum size output_message + // the server is able to receive (in network byte order). If the + // resulting cleartext is not 4 octets long, the client fails the + // negotiation. The client verifies that the server maximum buffer is 0 + // if the server does not advertise support for any security layer." + // From https://www.rfc-editor.org/rfc/rfc4752#section-3.1 + if len(inputPayload) != 4 { + return nil, fmt.Errorf("bad server token") + } + if inputPayload[0] == 0x0 && !bytes.Equal(inputPayload, []byte{0x0, 0x0, 0x0, 0x0}) { + return nil, fmt.Errorf("bad server token") + } + + // Security layers https://www.rfc-editor.org/rfc/rfc4422#section-3.7 + // https://www.rfc-editor.org/rfc/rfc4752#section-3.3 + // supportNoSecurity := input[0] & 0b00000001 + // supportIntegrity := input[0] & 0b00000010 + // supportPrivacy := input[0] & 0b00000100 + selectedSec := 0 // Disabled + var maxSecMsgSize uint32 + if selectedSec != 0 { + maxSecMsgSize, _, _, _, err = c.ctx.Sizes() + if err != nil { + return nil, fmt.Errorf("error getting security context max message size: %w", err) + } + } + + // https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-encryptmessage + inputPayload, err = c.ctx.EncryptMessage(handshakePayload(byte(selectedSec), maxSecMsgSize, []byte(authzid)), KERB_WRAP_NO_ENCRYPT, 0) + if err != nil { + return nil, fmt.Errorf("error encrypting message: %w", err) + } + + return inputPayload, nil +} + +func handshakePayload(secLayer byte, maxSize uint32, authzid []byte) []byte { + // construct payload and send unencrypted: + // "The client then constructs data, with the first octet containing the + // bit-mask specifying the selected security layer, the second through + // fourth octets containing in network byte order the maximum size + // output_message the client is able to receive (which MUST be 0 if the + // client does not support any security layer), and the remaining octets + // containing the UTF-8 [UTF8] encoded authorization identity. + // (Implementation note: The authorization identity is not terminated + // with the zero-valued (%x00) octet (e.g., the UTF-8 encoding of the + // NUL (U+0000) character)). The client passes the data to GSS_Wrap + // with conf_flag set to FALSE and responds with the generated + // output_message. The client can then consider the server + // authenticated." + // From https://www.rfc-editor.org/rfc/rfc4752#section-3.1 + + // Client picks security layer to use, 0 is disabled. + var selectedSecurity byte = secLayer + var truncatedSize uint32 // must be 0 if secLayer is 0 + if selectedSecurity != 0 { + // Only 3 bytes to describe the max size, set the maximum. + truncatedSize = 0b00000000_11111111_11111111_11111111 + if truncatedSize > maxSize { + truncatedSize = maxSize + } + } + + payload := make([]byte, 4, 4+len(authzid)) + binary.BigEndian.PutUint32(payload, truncatedSize) + payload[0] = selectedSecurity // Overwrites most significant byte of `maxSize` + payload = append(payload, []byte(authzid)...) + + return payload +} diff --git a/v3/bind.go b/v3/bind.go index 184e34b7..9a87d027 100644 --- a/v3/bind.go +++ b/v3/bind.go @@ -558,3 +558,179 @@ func (l *Conn) NTLMChallengeBind(ntlmBindRequest *NTLMBindRequest) (*NTLMBindRes err = GetLDAPError(packet) return result, err } + +// GSSAPIClient interface is used as the client-side implementation for the +// GSSAPI SASL mechanism. +// Interface inspired by GSSAPIClient from golang.org/x/crypto/ssh +type GSSAPIClient interface { + // InitSecContext initiates the establishment of a security context for + // GSS-API between the client and server. + // Initially the token parameter should be specified as nil. + // The routine may return a outputToken which should be transferred to + // the server, where the server will present it to AcceptSecContext. + // If no token need be sent, InitSecContext will indicate this by setting + // needContinue to false. To complete the context + // establishment, one or more reply tokens may be required from the server; + // if so, InitSecContext will return a needContinue which is true. + // In this case, InitSecContext should be called again when the + // reply token is received from the server, passing the reply token + // to InitSecContext via the token parameters. + // See RFC 4752 section 3.1. + InitSecContext(target string, token []byte) (outputToken []byte, needContinue bool, err error) + // NegotiateSaslAuth performs the last step of the Sasl handshake. + // It takes a token, which, when unwrapped, describes the servers supported + // security layers (first octet) and maximum receive buffer (remaining + // three octets). + // If the received token is unacceptable an error must be returned to abort + // the handshake. + // Outputs a signed token describing the client's selected security layer + // and receive buffer size and optionally an authorization identity. + // The returned token will be sent to the server and the handshake considered + // completed successfully and the server authenticated. + // See RFC 4752 section 3.1. + NegotiateSaslAuth(token []byte, authzid string) ([]byte, error) + // DeleteSecContext destroys any established secure context. + DeleteSecContext() error +} + +// GSSAPIBindRequest represents a GSSAPI SASL mechanism bind request. +// See rfc4752 and rfc4513 section 5.2.1.2. +type GSSAPIBindRequest struct { + // Service Principal Name user for the service ticket. Eg. "ldap/" + ServicePrincipalName string + // (Optional) Authorization entity + AuthZID string + // (Optional) Controls to send with the bind request + Controls []Control +} + +// GSSAPIBind performs the GSSAPI SASL bind using the provided GSSAPI client. +func (l *Conn) GSSAPIBind(client GSSAPIClient, servicePrincipal, authzid string) error { + return l.GSSAPIBindRequest(client, &GSSAPIBindRequest{ + ServicePrincipalName: servicePrincipal, + AuthZID: authzid, + }) +} + +// GSSAPIBindRequest performs the GSSAPI SASL bind using the provided GSSAPI client. +func (l *Conn) GSSAPIBindRequest(client GSSAPIClient, req *GSSAPIBindRequest) error { + //nolint:errcheck + defer client.DeleteSecContext() + + var err error + var reqToken []byte + var recvToken []byte + needInit := true + for { + if needInit { + // Establish secure context between client and server. + reqToken, needInit, err = client.InitSecContext(req.ServicePrincipalName, recvToken) + if err != nil { + return err + } + } else { + // Secure context is set up, perform the last step of SASL handshake. + reqToken, err = client.NegotiateSaslAuth(recvToken, req.AuthZID) + if err != nil { + return err + } + } + // Send Bind request containing the current token and extract the + // token sent by server. + recvToken, err = l.saslBindTokenExchange(req.Controls, reqToken) + if err != nil { + return err + } + + if !needInit && len(recvToken) == 0 { + break + } + } + + return nil +} + +func (l *Conn) saslBindTokenExchange(reqControls []Control, reqToken []byte) ([]byte, error) { + + // Construct LDAP Bind request with GSSAPI SASL mechanism. + envelope := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request") + envelope.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID")) + + request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationBindRequest, nil, "Bind Request") + request.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, 3, "Version")) + request.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "", "User Name")) + + auth := ber.Encode(ber.ClassContext, ber.TypeConstructed, 3, "", "authentication") + auth.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, "GSSAPI", "SASL Mech")) + if len(reqToken) > 0 { + auth.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, string(reqToken), "Credentials")) + } + request.AppendChild(auth) + envelope.AppendChild(request) + if len(reqControls) > 0 { + envelope.AppendChild(encodeControls(reqControls)) + } + + msgCtx, err := l.sendMessage(envelope) + if err != nil { + return nil, err + } + defer l.finishMessage(msgCtx) + + packet, err := l.readPacket(msgCtx) + if err != nil { + return nil, err + } + l.Debug.Printf("%d: got response %p", msgCtx.id, packet) + if l.Debug { + if err = addLDAPDescriptions(packet); err != nil { + return nil, err + } + ber.PrintPacket(packet) + } + + // https://www.rfc-editor.org/rfc/rfc4511#section-4.1.1 + // packet is an envelope + // child 0 is message id + // child 1 is protocolOp + if len(packet.Children) != 2 { + return nil, fmt.Errorf("bad bind response") + } + + protocolOp := packet.Children[1] +RESP: + switch protocolOp.Description { + case "Bind Response": // Bind Response + // Bind Reponse is an LDAP Response (https://www.rfc-editor.org/rfc/rfc4511#section-4.1.9) + // with an additional optional serverSaslCreds string (https://www.rfc-editor.org/rfc/rfc4511#section-4.2.2) + // child 0 is resultCode + resultCode := protocolOp.Children[0] + if resultCode.Tag != ber.TagEnumerated { + break RESP + } + switch resultCode.Value.(int64) { + case 14: // Sasl bind in progress + if len(protocolOp.Children) < 3 { + break RESP + } + referral := protocolOp.Children[3] + switch referral.Description { + case "Referral": + if referral.ClassType != ber.ClassContext || referral.Tag != ber.TagObjectDescriptor { + break RESP + } + return ioutil.ReadAll(referral.Data) + } + // Optional: + //if len(protocolOp.Children) == 4 { + // serverSaslCreds := protocolOp.Children[4] + //} + case 0: // Success - Bind OK. + // SASL layer in effect (if any) (See https://www.rfc-editor.org/rfc/rfc4513#section-5.2.1.4) + // NOTE: SASL security layers are not supported currently. + return nil, nil + } + } + + return nil, GetLDAPError(packet) +} diff --git a/v3/examples_windows_test.go b/v3/examples_windows_test.go new file mode 100644 index 00000000..ddc9aedf --- /dev/null +++ b/v3/examples_windows_test.go @@ -0,0 +1,36 @@ +//go:build windows +// +build windows + +package ldap + +import ( + "log" + + "github.com/go-ldap/ldap/v3/gssapi" +) + +// This example demonstrates passwordless bind using the current process' user +// credentials on Windows (SASL GSSAPI mechanism bind with SSPI client). +func ExampleConn_SSPIClient_GSSAPIBind() { + + // Windows only: Create a GSSAPIClient using Windows built-in SSPI lib + // (secur32.dll). + // This will use the credentials of the current process' user. + sspiClient, err := gssapi.NewSSPIClient() + if err != nil { + log.Fatal(err) + } + defer sspiClient.Close() + + l, err := DialURL("ldap://ldap.example.com:389") + if err != nil { + log.Fatal(err) + } + defer l.Close() + + // Bind using supplied GSSAPIClient implementation + err = l.GSSAPIBind(sspiClient, "ldap/ldap.example.com", "") + if err != nil { + log.Fatal(err) + } +} diff --git a/v3/go.mod b/v3/go.mod index 3e48ee16..20590324 100644 --- a/v3/go.mod +++ b/v3/go.mod @@ -4,7 +4,8 @@ go 1.14 require ( github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e + github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 github.com/go-asn1-ber/asn1-ber v1.5.4 - github.com/stretchr/testify v1.7.2 // indirect - golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect + github.com/stretchr/testify v1.8.0 + golang.org/x/crypto v0.1.0 // indirect ) diff --git a/v3/go.sum b/v3/go.sum index 8589d19b..8582cf8b 100644 --- a/v3/go.sum +++ b/v3/go.sum @@ -1,30 +1,50 @@ -github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28= -github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e h1:ZU22z/2YRFLyf/P4ZwUYSdNCWsMEI0VeyrFoI2rAhJQ= -github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= +github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= +github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A= github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= -github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/v3/gssapi/sspi.go b/v3/gssapi/sspi.go new file mode 100644 index 00000000..bd6aae71 --- /dev/null +++ b/v3/gssapi/sspi.go @@ -0,0 +1,192 @@ +//go:build windows +// +build windows + +package gssapi + +import ( + "bytes" + "encoding/binary" + "fmt" + + "github.com/alexbrainman/sspi" + "github.com/alexbrainman/sspi/kerberos" +) + +// SSPIClient implements ldap.GSSAPIClient interface. +// Depends on secur32.dll. +type SSPIClient struct { + creds *sspi.Credentials + ctx *kerberos.ClientContext +} + +// NewSSPIClient returns a client with credentials of the current user. +func NewSSPIClient() (*SSPIClient, error) { + creds, err := kerberos.AcquireCurrentUserCredentials() + if err != nil { + return nil, err + } + + return NewSSPIClientWithCredentials(creds), nil +} + +// NewSSPIClientWithCredentials returns a client with the provided credentials. +func NewSSPIClientWithCredentials(creds *sspi.Credentials) *SSPIClient { + return &SSPIClient{ + creds: creds, + } +} + +// NewSSPIClientWithUserCredentials returns a client using the provided user's +// credentials. +func NewSSPIClientWithUserCredentials(domain, username, password string) (*SSPIClient, error) { + creds, err := kerberos.AcquireUserCredentials(domain, username, password) + if err != nil { + return nil, err + } + + return &SSPIClient{ + creds: creds, + }, nil +} + +// Close deletes any established secure context and closes the client. +func (c *SSPIClient) Close() error { + err1 := c.DeleteSecContext() + err2 := c.creds.Release() + if err1 != nil { + return err1 + } + if err2 != nil { + return err2 + } + return nil +} + +// DeleteSecContext destroys any established secure context. +func (c *SSPIClient) DeleteSecContext() error { + return c.ctx.Release() +} + +// InitSecContext initiates the establishment of a security context for +// GSS-API between the client and server. +// See RFC 4752 section 3.1. +func (c *SSPIClient) InitSecContext(target string, token []byte) ([]byte, bool, error) { + sspiFlags := uint32(sspi.ISC_REQ_INTEGRITY | sspi.ISC_REQ_CONFIDENTIALITY | sspi.ISC_REQ_MUTUAL_AUTH) + + switch token { + case nil: + ctx, completed, output, err := kerberos.NewClientContextWithFlags(c.creds, target, sspiFlags) + if err != nil { + return nil, false, err + } + c.ctx = ctx + + return output, !completed, nil + default: + + completed, output, err := c.ctx.Update(token) + if err != nil { + return nil, false, err + } + if err := c.ctx.VerifyFlags(); err != nil { + return nil, false, fmt.Errorf("error verifying flags: %v", err) + } + return output, !completed, nil + + } +} + +// NegotiateSaslAuth performs the last step of the SASL handshake. +// See RFC 4752 section 3.1. +func (c *SSPIClient) NegotiateSaslAuth(token []byte, authzid string) ([]byte, error) { + + // Using SSPI rather than of GSSAPI, relevant documentation of differences here: + // https://learn.microsoft.com/en-us/windows/win32/secauthn/sspi-kerberos-interoperability-with-gssapi + + // KERB_WRAP_NO_ENCRYPT (SECQOP_WRAP_NO_ENCRYPT) flag indicates Wrap and Unwrap + // should only sign & verify (not encrypt & decrypt). + const KERB_WRAP_NO_ENCRYPT = 0x80000001 + + // https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-decryptmessage + flags, inputPayload, err := c.ctx.DecryptMessage(token, 0) + if err != nil { + return nil, fmt.Errorf("error decrypting message: %w", err) + } + if flags&KERB_WRAP_NO_ENCRYPT == 0 { + // Encrypted message, this is unexpected. + return nil, fmt.Errorf("message encrypted") + } + + // `bytes` describes available security context: + // "the first octet of resulting cleartext as a + // bit-mask specifying the security layers supported by the server and + // the second through fourth octets as the maximum size output_message + // the server is able to receive (in network byte order). If the + // resulting cleartext is not 4 octets long, the client fails the + // negotiation. The client verifies that the server maximum buffer is 0 + // if the server does not advertise support for any security layer." + // From https://www.rfc-editor.org/rfc/rfc4752#section-3.1 + if len(inputPayload) != 4 { + return nil, fmt.Errorf("bad server token") + } + if inputPayload[0] == 0x0 && !bytes.Equal(inputPayload, []byte{0x0, 0x0, 0x0, 0x0}) { + return nil, fmt.Errorf("bad server token") + } + + // Security layers https://www.rfc-editor.org/rfc/rfc4422#section-3.7 + // https://www.rfc-editor.org/rfc/rfc4752#section-3.3 + // supportNoSecurity := input[0] & 0b00000001 + // supportIntegrity := input[0] & 0b00000010 + // supportPrivacy := input[0] & 0b00000100 + selectedSec := 0 // Disabled + var maxSecMsgSize uint32 + if selectedSec != 0 { + maxSecMsgSize, _, _, _, err = c.ctx.Sizes() + if err != nil { + return nil, fmt.Errorf("error getting security context max message size: %w", err) + } + } + + // https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-encryptmessage + inputPayload, err = c.ctx.EncryptMessage(handshakePayload(byte(selectedSec), maxSecMsgSize, []byte(authzid)), KERB_WRAP_NO_ENCRYPT, 0) + if err != nil { + return nil, fmt.Errorf("error encrypting message: %w", err) + } + + return inputPayload, nil +} + +func handshakePayload(secLayer byte, maxSize uint32, authzid []byte) []byte { + // construct payload and send unencrypted: + // "The client then constructs data, with the first octet containing the + // bit-mask specifying the selected security layer, the second through + // fourth octets containing in network byte order the maximum size + // output_message the client is able to receive (which MUST be 0 if the + // client does not support any security layer), and the remaining octets + // containing the UTF-8 [UTF8] encoded authorization identity. + // (Implementation note: The authorization identity is not terminated + // with the zero-valued (%x00) octet (e.g., the UTF-8 encoding of the + // NUL (U+0000) character)). The client passes the data to GSS_Wrap + // with conf_flag set to FALSE and responds with the generated + // output_message. The client can then consider the server + // authenticated." + // From https://www.rfc-editor.org/rfc/rfc4752#section-3.1 + + // Client picks security layer to use, 0 is disabled. + var selectedSecurity byte = secLayer + var truncatedSize uint32 // must be 0 if secLayer is 0 + if selectedSecurity != 0 { + // Only 3 bytes to describe the max size, set the maximum. + truncatedSize = 0b00000000_11111111_11111111_11111111 + if truncatedSize > maxSize { + truncatedSize = maxSize + } + } + + payload := make([]byte, 4, 4+len(authzid)) + binary.BigEndian.PutUint32(payload, truncatedSize) + payload[0] = selectedSecurity // Overwrites most significant byte of `maxSize` + payload = append(payload, []byte(authzid)...) + + return payload +}