[ARC-144] add if condition for HTTP target, allow winrm connection #178
Conversation
feat: add if condition for HTTP target
irvingoujAtDevolution
force-pushed
the
ARC-144-sspi-rs-WASM-module-and-JavaScript-API-for-NTLM
branch
from
1fd8f76
to
bef493f
Compare
|
|
||
| fn main() -> Result<(), Box<dyn Error + Send + Sync>> { | ||
| tracing_subscriber::fmt() | ||
| .with_max_level(tracing::Level::DEBUG) // Adjust level as needed |
There was a problem hiding this comment.
udpated
There was a problem hiding this comment.
Marking as unresolved as you do not appear to be using EnvFilter yet
Cargo.toml
Outdated
| rustls = { version = "0.21", features = ["dangerous_configuration"], optional = true } | ||
| rustls = { version = "0.21", features = [ | ||
| "dangerous_configuration", | ||
| ], optional = true } |
There was a problem hiding this comment.
Please, do you think you could configure your editor to not automatically re-format all Cargo.toml you touch? It would be preferable so we don’t end up with noise, and don’t deviate too much from other Rust projects.
Most Rust projects typically does not use this formatting. This is well explained by the style guide from the Rust compiler: "[f]or array values, such as a list of features, put the entire list on the same line as the key, if it fits".
I would prefer we wait for official support in rustfmt before we apply such automatic formatting.
There was a problem hiding this comment.
updated, both the my disabled my vscode formatter and the file. Do you have a recommanded toml formatter tool for this?
There was a problem hiding this comment.
Sadly there is currently no blessed formatter for Cargo.toml as of today (but that would be rust-lang/rustfmt#5240 when it’s ready)
| @@ -889,7 +1075,7 @@ impl<'a> Kerberos { | |||
| let encoded_auth = picky_asn1_der::to_vec(&authenticator)?; | |||
| info!(encoded_ap_req_authenticator = ?encoded_auth); | |||
|
|
|||
| // FIXME: properly negotiate mech id - Windows always does KRB5 U2U | |||
| // FIXME: properly negotiate mech id - Windows always does KRB5 U2U for Non-HTTP Target | |||
There was a problem hiding this comment.
Is it an issue we should track seriously, and create an issue for it?
cc @awakecoding
src/kerberos/mod.rs
Outdated
| // 4 = size of u32 | ||
| nonce: &OsRng.gen::<[u8; 4]>(), |
There was a problem hiding this comment.
Note that you could use core::mem::size_of::<u32>() so the code is self-explanatory
There was a problem hiding this comment.
this is direct copy from original code
There was a problem hiding this comment.
Oh okay, I understand. Do you think you could address this anyway while you’re at it? Thank you
Note: another alternative is
OsRng.gen::<u32>().to_ne_bytes(),
Co-authored-by: Benoît Cortier <bcortier@proton.me>
Co-authored-by: Benoît Cortier <bcortier@proton.me>
Co-authored-by: Benoît Cortier <bcortier@proton.me>
Co-authored-by: Benoît Cortier <bcortier@proton.me>
Co-authored-by: Benoît Cortier <bcortier@proton.me>
…' of https://github.com/Devolutions/sspi-rs into ARC-144-sspi-rs-WASM-module-and-JavaScript-API-for-NTLM
| username, | ||
| password: password.into(), | ||
| domain: None, | ||
| #[cfg(feature = "network_client")] |
There was a problem hiding this comment.
You can put this at the top of the file:
#![cfg(feature = "network_client")]There was a problem hiding this comment.
the problem is that cargo test needs to see the main function present in the file. if I put it on top, it will not pass cargo test
There was a problem hiding this comment.
You’re right! Actually, in this case you should remove the#[cfg]s altogether, and add this at the bottom of the Cargo.toml instead:
[[example]]
name = "kerberos"
required-features = ["network_client"]This specifies that this example needs the "network_client" feature enabled in order to be compiled and it will be ignored if the feature is not available.
|
I will keep this PR as draft, just in case I found things not working with my winrm client |
|
Not correct path, problem solved without using the newly implemented variation of Kerb5 protocol |
irvingoujAtDevolution
deleted the
ARC-144-sspi-rs-WASM-module-and-JavaScript-API-for-NTLM
branch
irvingoujAtDevolution
restored the
ARC-144-sspi-rs-WASM-module-and-JavaScript-API-for-NTLM
branch
CBenoit
deleted the
ARC-144-sspi-rs-WASM-module-and-JavaScript-API-for-NTLM
branch
winrm connection seems disagree with Ker5 user to user protocol, add a new if condition, if the target is http (aka winrm server), then use plain kerbero5 protocol instead of user to user